Google recently patched a bug in Google Docs that may have allowed threat actors to access users' private Google Docs files. The problem was in the ‘Send Feedback’ system that Google Docs and other Google products integrate into their interfaces. The bug was reported by Sreeram KL, who received a $3000+ bounty from Google.
Google Docs bug patched
Sreeram KL, an independent security researcher, reported the bug on July 9, but Google took some time to release an effective fix. It is unclear how long the bug remained live, during which time attackers could have compromised user privacy.
According to the researcher, Google has used a Send Feedback system across many of its products and services for a while. The system includes a screen capture when a user decides to send feedback to the company.
A structural problem in the way the system was distributed would have allowed a threat actor to read the RGB values of the screen and decode them into a clear picture of the document.
The specific problem occurred because Google was not using independent systems for feedback collection. Instead, the tech giant redirected all the information to a common URL, regardless of the service from which the ‘Send Feedback’ button was triggered.
Given this scenario, an attacker could have modified the iFrame code on the page to forward the information to an external website rather than to the Google servers.
Of course, this malicious action had to be preceded by some user interaction, namely a click on the ‘Send Feedback’ button. In any case, the company has released a fix for the issue, preventing future problems.
Before the patch, however, attackers could have targeted customers by placing an iFrame of a Google Docs document on their website. Then, when a user clicked the ‘Send Feedback’ button, a screenshot of the document could have been revealed to the attacker.
It is truly frightening that such issues occur on platforms such as Google Docs, which thousands of users use worldwide.