XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks


Cross-site scripting (XSS) attacks could have been carried out using a pair of vulnerabilities in Google Cloud, DevSite, and Google Play, leading to account hijacking.

A Google DevSite flaw that causes reflected XSS is the first vulnerability. A hostile actor could view and alter its contents by controlling a link that ran JavaScript on the origins http://cloud.google.com and http://developers.google.com, circumventing the same-origin restriction.According to the researcher, other users “don’t think the identical server response” would be sent to them without using the attacker-provided URL, The Daily Swig reported. Read More…