Security researcher came up with combination of Clickjacking and CSRF vulnerabilities in Google’s Docs that can allow a hacker to create a document in victim’s Drive for further phishing attack. A recent demonstration hacker successfully performed an attack on Google Docs to trick users to grab their Facebook, Gmail, Yahoo credentials with Credit Card Information. If phishing attempt works, hacker will be able to see all updates remotely, anytime – anywhere. Because attacker and victim, both are the owner of this new file, where attacker can make document public for further access after removing himself from ownership of that document.
Source: https://thehackernews.com/2013/03/hacking-google-users-with-googles.html