Security News > 2020 > September > Bug in Google Maps Opened Door to Cross-Site Scripting Attacks

Bug in Google Maps Opened Door to Cross-Site Scripting Attacks
2020-09-08 14:25

A researcher earned a double-payment totaling $10,000 for a cross-site scripting bug he found in Google Maps.

Minutes after Shachar was notified of the patch and bounty payment award, he said he found a bypass for the Google Maps fix.

The initial vulnerability stemmed from a Google Maps function that allows users to create their own map, said Shachar.

That's because in order to fix the flaw, Google appeared to have added an additional CDATA tag - meaning an attacker could merely add two CDATA closing tags, said Shachar.

Last year Google debuted the Developer Data Protection Reward Program, which offers up to $50,000 for reports on violations of the Google Play, Google API and Google Chrome Web Store Extension program privacy policies.


News URL

https://threatpost.com/bug-in-google-maps-opened-door-to-cross-site-scripting-attacks/159006/

Related news

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 103 257 4343 4739 748 10087