British security scientist, Aidan Woods exposed an issue in Google’s login page. Google denied to classify it as a security problem.
We trust you have online insurance against unclassified malware download in light of the fact that what we are going to letting you know is stunning. Google’s business sector strength as far as compass is unquestionably noteworthy and let’s be honest; lion’s share of the world uses Google. Be that as it may, what was to happen if you somehow managed to find that the main solid hotspot for a large portion of your data is influenced with a bug?
For More Tech News Click Here
English security specialist, Aidan Woods found an issue on Google’s login page that permits sharp aggressors to consequently download documents on the client’s PC when he presses the Sign In catch.
The issue is accepted to happen on the grounds that Google permits the “continue=[link]” as a parameter in the login page URL that advises the Google server where to divert the client in the wake of confirming. Google has expected that this parameter may bring about security issues and has constrained its utilization just to google.com areas.
Notwithstanding, Woods assumed this would lead drive.google.com or docs.google.com connections to get effortlessly went as legitimate “proceed with” parameters inside the login URL. A shrewd assailant could without much of a stretch transfer malware like this and clients who get such a connection would in all likelihood be deceived into supposing it’s the genuine Google login URL.
Woods says that he endeavored to advise Google’s security group about the issue, however they shut the greater part of his three bug reports he opened to tell them about the bug.