Date:05/01/21
Google has confirmed that it has finally patched a glitch in Google Docs which had allowed hackers to read your documents. The flaw was discovered back in July 9, 2020 by a security researcher, known only as Sreeram KL, who was awarded $3,133.70 as part of Google's bug bounty program. Google offers between $500 and $31,337 for the most severe attacks identified by researchers, so based on the monetary value assigned by the team at Google, this clearly wasn't the most concerning glitch – it could still be pretty problematic.
The bug was discovered in the Send Feedback and Help Docs Improve features, which allow users to submit screenshots and notes about the online app to help the engineers at Google fix any issues, or implement new functionality that users have suggested. When users agree to send a screenshot with their complaint, the image isn’t taken by Google Docs, but rather, by Google.com.
This saves Google the hassle of duplicating its screenshot function across a dizzying number of its online apps, including Docs, Slides, YouTube, Maps and more.
Instead, the screenshot feature was built to handle requests from all of these various Google apps. However, a flaw in the system meant that hackers could capture screenshots from Google Docs sent by users without their knowledge. This was possible due to a weakness in the URL structure being employed by Google, which made it possible to anticipate the incoming screenshots.
So, hackers could siphon off screenshots of issues within these documents. Given that millions of people rely on Google Docs for education, work, and personal notes – this was a serious issue.
A bug in Google Docs allowed strangers to take screenshots of your documents
GOOGLE has confirmed that it has fixed a glitch in Google Docs uncovered back in July 2020 that could allow hackers to steal screenshots of your private word documents.Google has confirmed that it has finally patched a glitch in Google Docs which had allowed hackers to read your documents. The flaw was discovered back in July 9, 2020 by a security researcher, known only as Sreeram KL, who was awarded $3,133.70 as part of Google's bug bounty program. Google offers between $500 and $31,337 for the most severe attacks identified by researchers, so based on the monetary value assigned by the team at Google, this clearly wasn't the most concerning glitch – it could still be pretty problematic.
The bug was discovered in the Send Feedback and Help Docs Improve features, which allow users to submit screenshots and notes about the online app to help the engineers at Google fix any issues, or implement new functionality that users have suggested. When users agree to send a screenshot with their complaint, the image isn’t taken by Google Docs, but rather, by Google.com.
This saves Google the hassle of duplicating its screenshot function across a dizzying number of its online apps, including Docs, Slides, YouTube, Maps and more.
Instead, the screenshot feature was built to handle requests from all of these various Google apps. However, a flaw in the system meant that hackers could capture screenshots from Google Docs sent by users without their knowledge. This was possible due to a weakness in the URL structure being employed by Google, which made it possible to anticipate the incoming screenshots.
So, hackers could siphon off screenshots of issues within these documents. Given that millions of people rely on Google Docs for education, work, and personal notes – this was a serious issue.
Views: 363
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World