Bulgarian hacker going by name “Keeper” report me that the vulnerability still working even after multiple submissions to Google. I have successfully exploited a Google vulnerability which was ignored by Google itself from last 2 Months. Using Cross site scripting vulnerability I generate a Pop-Up that will convince a Google user to believe that their cookies expired and they have to Login again to access next pages. The Phishing login form is designed using Google service itself and Points to my EVIL server. Once user will try to Login, all credentials will save here and page will show “Done” without any reload.
Source: https://thehackernews.com/2012/11/exploiting-google-persistent-xss.html