{"id":1147,"date":"2020-12-29T17:14:13","date_gmt":"2020-12-29T17:14:13","guid":{"rendered":"https:\/\/zerothcode.com\/blog\/?p=1147"},"modified":"2020-12-29T17:14:13","modified_gmt":"2020-12-29T17:14:13","slug":"google-bug-docs","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/google-bug-docs\/","title":{"rendered":"A Google Docs Bug Could Have Allowed Hackers See Your Private Documents"},"content":{"rendered":"

google bug Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website.<\/p>\n

The flaw was discovered on July 9 by security researcher Sreeram KL, google bug<\/h4>\n

for which he was awarded $3133.70 as part of Google’s Vulnerability Reward Program. google bug<\/h4>\n

Many of Google’s products, including Google Docs, come with a “Send feedback” or “Help Docs improve” option that allows users to send feedback along with an option to include a screenshot<\/p>\n

\u2014 something that’s automatically loaded to highlight specific issues.<\/p>\n

But instead of having to duplicate the same functionality across its services,<\/p>\n

the feedback feature is deployed in Google’s main website (“www.google.com”) and integrated to other domains via an iframe element that loads the pop-up’s content from “feedback.googleusercontent.com.”<\/p>\n

\"\"<\/a><\/div>\n

This also means that whenever a screenshot of the Google Docs window is included,<\/p>\n

rendering the image necessitates the transmission of RGB values of every pixel to the parent domain (www.google.com), which then redirects those RGB values to the feedback’s domain,<\/p>\n

which ultimately constructs the image and sends it back in Base64 encoded format.<\/p>\n

Sreeram, however, identified a bug in the manner these\u00a0messages\u00a0were passed to “feedback.googleusercontent.com,” thus allowing an attacker to modify the frame to an arbitrary,<\/p>\n

external website, and in turn, steal and hijack Google Docs screenshots which were meant to be uploaded to Google’s servers.<\/p>\n

Notably, the flaw stems from a lack of\u00a0X-Frame-Options\u00a0header in the Google Docs domain,<\/p>\n

which made it possible to change the target origin of the message and exploit the cross-origin communication between the page and the frame contained in it.<\/p>\n

\n