Google Docs vulnerability allowed viewing other people's documents


Google has patched a vulnerability in the feedback tool used across its services. The vulnerability made it possible to steal screenshots of confidential documents from the Google Docs service by simply embedding them into a malicious website.

The vulnerability was discovered on July 9 by security researcher Sreeram KL, for which he received $3,133 from Google as part of a bounty program for reporting vulnerabilities.

Many Google services, including Google Docs, have a feedback option that allows users to submit feedback, bug reports, and suggestions for improving the service to the company. Users have the option to include screenshots that load automatically in their posts to illustrate the problem.

However, instead of duplicating functionality across all services, Google implemented it on its main site (www [.] and integrated it with other domains via an iframe element that loads pop-up content from This means that whenever a screenshot is included in the Google Docs window, rendering the image requires passing the RGB values of each pixel to the parent domain (www [.], which then redirects those RGB values to the feedback domain, which ultimately generates the image and sends it back in Base64-encoded format.

Security researcher Sreeram KL identified a vulnerability in the way these messages were transmitted to the domain. With its help, an attacker could replace the frame with arbitrary external websites and thus intercept screenshots of Google Docs that were intended to be sent to Google servers.

The vulnerability is caused by the absence of the X-Frame-Options header in the Google Docs domain, which could allow an attacker to change the target origin of the message and exploit the link between the page and the frame it contains.

Although the attack requires some user action, such as clicking the “Send Feedback” button, an attacker could easily exploit the vulnerability to capture the URL of the uploaded screenshot and move it to a malicious site. This can be achieved by embedding a Google Docs file in an iframe on a fraudulent site and intercepting the feedback popup to redirect its content to an attacker-controlled domain.
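The root cause named above is a missing X-Frame-Options header. As an added example (not code from the researcher or from Google), the function below classifies how a response restricts framing, following the precedence browsers apply between an enforced CSP `frame-ancestors` directive and X-Frame-Options. The function name, the return labels and the header values used to exercise it are assumptions made for illustration.

```javascript
// Added example: classify a response's framing protection from its headers.
// Returns one of: 'blocked', 'same-origin', 'allowlist', 'unprotected'.
function framingProtection(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // An enforced CSP frame-ancestors directive makes browsers ignore
  // X-Frame-Options. Commas separate policies and semicolons separate
  // directives; the first frame-ancestors found is the one classified here.
  // Content-Security-Policy-Report-Only is not enforced, so it is not read.
  for (const part of (h['content-security-policy'] || '').split(/[;,]/)) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    if (sources.includes('*')) return 'unprotected';
    const real = sources.filter((s) => s !== "'none'");
    if (real.length === 0) return 'blocked'; // 'none' or an empty source list
    if (real.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }

  // No frame-ancestors: fall back to X-Frame-Options.
  const values = new Set(
    (h['x-frame-options'] || '')
      .split(',')
      .map((v) => v.trim().toLowerCase())
      .filter(Boolean)
  );
  const known = ['deny', 'sameorigin', 'allowall'].some((v) => values.has(v));
  // Conflicting values (for example "DENY, SAMEORIGIN") cause browsers that
  // follow the HTML Standard to block framing outright.
  if (values.size > 1) return known ? 'blocked' : 'unprotected';
  if (values.has('deny')) return 'blocked';
  if (values.has('sameorigin')) return 'same-origin';
  // Header missing, or an unrecognised value such as the obsolete ALLOW-FROM.
  return 'unprotected';
}
```

A result of `unprotected` on a page that handles confidential content means any external site can embed it in an iframe, which is the precondition the attack described above relied on.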
