Security researcher Sreeram KL discovered a flaw in Google Docs that could give a hacker access to the content of documents stored on the service, Report states, citing Geeky Cat.
The flaw was located in the "Send Feedback" tool ("Help improve Google Docs," in the Portuguese version of Docs), which allows users to suggest improvements or report to the Google problems in the text editor. There is an option to send, along with a comment, a screenshot of the currently open document in this tool.
According to Sreeram KL, the flaw in Google Docs consists of redirecting the data that make up this screenshot to another domain, controlled by it, "stealing" the image that should be sent to Google's servers.
Exploiting this flaw in Google Docs requires user interaction, and the stolen data is limited to the part of the document that is currently visible on the screen. That is, it is a particular thing. But still, it poses a risk of exposing personal information. And we must remember that hackers are good at making a victim walk straight into a trap.
The flaw, which was reported in July and recently corrected, earned the researcher US $ 3.133,70 (about R $ 16,4 thousand) as part of the rewards program Google, which encourages researchers to find and report security holes in the company's products.