Timing attack can allow to unmask targeted Google users as they browse the web. Attack could be used by an attacker to target a particular person or organization. An attacker could even use this attack in spear phishing campaigns or even could unmask the identity of Tor users if they’re logged in to Google while using the Tor browser. The issue was responsibly reported to Google Security team by Andrew Cantino, the vice president of engineering at Mavenlink, who previously had been awarded a bug bounty from Google multiple times.
Source: https://thehackernews.com/2014/09/unmasking-google-users-with-new-timing.html