Google Apps Script is a development platform based on JavaScript that lets developers build standalone web apps and extensions for various parts of the Google Apps ecosystem. Researchers discovered the vulnerability earlier this year while exploring potential for abuse of Google services. Attackers could automatically download arbitrary malware hosted in Google Drive to a machine — and the victim would have no idea it was happening. Google has added restrictions on Google Doc events that could be exploited, including installing scripts and presenting custom interfaces in Docs editors in other users’ sessions.”]
Source: https://www.darkreading.com/cloud/google-apps-script-vulnerability-exposes-saas-to-url-based-threats