Bug discovered on: 1st May 2017 Research time: 10:30 a.m to 11:00 a.m
The Google Document is having Google Keep for make notes.
It is accessble through Tools menu's Keep notepad , which opens up Google Keep on the right hand side of the window. The notes could be deleted between clicks by tricking the user.
May 2nd 2017: Bug Triaged.
May 5th 2017 : Bug filed for panel's evaluation.
May 12th 2017: $500 reward issued !
The vulnerability is now fixed by removing the Delete and Add to document options if the document is embedded in any site and making it work only in docs.google.com.
Comments
Post a Comment