Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreeram KL, for which he was awarded $3133.70 as part of Google’s Vulnerability Reward Program. The bug stems from a lack of X-Frame-Options header in the Google Doc’s domain, which made it possible to change the target origin.
Source: https://thehackernews.com/2020/12/a-google-docs-bug-could-have-allowed.html

