Malware can be automatically downloaded to PCs because of a bug in Google’s login page. Google declined to classify it as a security issue and closed all the reports.
Google’s Login Page Has a Bug! It Can Download Malware To Your PC
We hope you have reliable anti-malware installed on your computer, because what we are about to tell you may leave you in shock. As we all know, search giant Google is known for its services and has dominated the market. We regularly use Google services like Gmail, Google Photos, Google Drive, etc. But what if I tell you that Google’s login page can allow hackers to automatically download files to your computer once the victim presses the Sign in button?
Aidan Woods, a British security researcher, has found a vulnerability in Google’s login page that allows hackers to download files to a user’s computer as soon as the victim clicks the “Sign in” button.
The problem occurs because Google allows a “continue=[link]” parameter in every Google login page URL. The parameter simply tells the Google server where to redirect users after authenticating.
However, Google has restricted the parameter to Google.com only, because it anticipated that the parameter might cause security concerns. Aidan Woods also determined that drive.google.com or docs.google.com links can be passed as valid “continue” parameters inside the login URL.
Any expert hacker can effortlessly upload malware, and users who receive such links are most likely to be tricked into thinking it’s the real Google login URL.
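
The redirect check described above, as an added example that is not part of the original article or Google's code: a domain-suffix check accepts the drive.google.com and docs.google.com targets the article names, while an exact-host allowlist does not, and the same logic can flag such login links at a mail gateway or proxy. The allowlisted hosts, the login URL and `FILE_ID` are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Hosts the article names as accepted "continue" targets; both serve user files.
USER_CONTENT_HOSTS = {"drive.google.com", "docs.google.com"}
# Hypothetical exact-match allowlist for the hardened check (assumption).
EXACT_ALLOWED_HOSTS = {"mail.google.com", "myaccount.google.com"}

def continue_target(login_url):
    """Return the parsed 'continue' destination of a login URL, or None."""
    values = parse_qs(urlsplit(login_url).query).get("continue")
    return urlsplit(values[0]) if values else None

def suffix_check(target, domain="google.com"):
    """Weak check: any https host under the trusted domain is accepted."""
    host = (target.hostname or "").lower()
    return target.scheme == "https" and (host == domain or host.endswith("." + domain))

def strict_check(target):
    """Hardened check: exact host match, so user-content hosts never pass."""
    host = (target.hostname or "").lower()
    return target.scheme == "https" and host in EXACT_ALLOWED_HOSTS

def classify(login_url):
    """Label a login URL, e.g. for a mail-gateway or proxy rule."""
    target = continue_target(login_url)
    if target is None:
        return "no-continue"
    if not suffix_check(target):
        return "rejected"
    if strict_check(target):
        return "allowed"
    host = (target.hostname or "").lower()
    return "user-content-redirect" if host in USER_CONTENT_HOSTS else "not-allowlisted"

# Constructed sample URLs; the login URL and FILE_ID are illustrative.
LOGIN = "https://accounts.google.com/ServiceLogin?continue="
SAMPLES = [
    LOGIN + "https%3A%2F%2Fmail.google.com%2F",
    LOGIN + "https%3A%2F%2Fdrive.google.com%2Ffile%2FFILE_ID",
    LOGIN + "https%3A%2F%2Fgoogle.com.attacker.example%2F",
    "https://accounts.google.com/ServiceLogin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```
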
Aidan Woods also contacted Google’s security team to report this bug, but they closed all of his reports. This was Google’s final reply:
“Thanks for your bug report and research to keep our users secure! We’ve investigated your submission and made the decision not to track it as a security bug. This report will unfortunately not be accepted for our VRP. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users’ data are in scope, and we feel the issue you mentioned does not meet that bar”