Experts at Hacker Online Club published a post on Google vulnerabilities that are currently not under bug bounty program of the company. The first Google vulnerability is a XSS flaw on the Submission Page, the post proposes the below image to demonstrate the flaw and the URLs used to test it. Google responded to the post and said it does not consider the ability to execute JavaScript in sandbox domains to be a bug. Unless an impact on sensitive user data can be demonstrated, we hold that the usability and security benefits of a well-designed and closely monitored redirectors outweigh their true risks.”]
Source: https://securityaffairs.co/wordpress/20448/hacking/google-vulnerability.html