Google has patched a clickjacking vulnerability that a researcher says would enable an attacker to retrieve or delete email conversations, manipulate YouTube and Google Plus accounts, and more. A Google representative said the bug affected developers who had authorized Google API Explorer to take certain actions. Google did pay out a $1,337 bounty on April 21 to researcher Paulos Yibelo, nine days after his initial report. Clickjacking happens when an attacker tricks a user into clicking something on a webpage and executing an attack.
Source: https://threatpost.com/google-patches-clickjacking-bug/112568/