Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti

A bug in Google Docs allowed strangers to take screenshots of your documents


GOOGLE has confirmed that it has fixed a glitch in Google Docs uncovered back in July 2020 that could allow hackers to steal screenshots of your private word documents.
 
Google has confirmed that it has finally patched a glitch in Google Docs which had allowed hackers to read your documents. The flaw was discovered back in July 9, 2020 by a security researcher, known only as Sreeram KL, who was awarded $3,133.70 as part of Google's bug bounty program. Google offers between $500 and $31,337 for the most severe attacks identified by researchers, so based on the monetary value assigned by the team at Google, this clearly wasn't the most concerning glitch – it could still be pretty problematic.
 
The bug was discovered in the Send Feedback and Help Docs Improve features, which allow users to submit screenshots and notes about the online app to help the engineers at Google fix any issues, or implement new functionality that users have suggested. When users agree to send a screenshot with their complaint, the image isn’t taken by Google Docs, but rather, by Google.com.
 
This saves Google the hassle of duplicating its screenshot function across a dizzying number of its online apps, including Docs, Slides, YouTube, Maps and more.
 
Instead, the screenshot feature was built to handle requests from all of these various Google apps. However, a flaw in the system meant that hackers could capture screenshots from Google Docs sent by users without their knowledge. This was possible due to a weakness in the URL structure being employed by Google, which made it possible to anticipate the incoming screenshots.
 
So, hackers could siphon off screenshots of issues within these documents. Given that millions of people rely on Google Docs for education, work, and personal notes – this was a serious issue.






05/01/21    Çap et