Google Security Team Shoot itself in the foot. Ansuman Samantaray, an Indian penetration tester discovered a small, but creative Security flaw in Google drive that poses phishing threat to million of Google users. The flaw exist in the way Google Drive preview the documents in the browser. Online preview of the files executing code written in doc files as HTML/JavaScript just by changing the value of a parameter called “export” in the URL. An attacker can execute malicious script through Google drive files, not just phishing attack, but an attacker able to extends the attack to malware spreading, etc.
Source: https://thehackernews.com/2013/03/script-exceution-flaw-in-google-drive.html