A young Czech bug hunter has found a security flaw in one of Google’s backend apps. If exploited by a malicious threat actor, the bug could have allowed hackers a way to steal Google employee cookies for internal apps and hijack accounts, launch extremely convincing spear-phishing attempts, and potentially gain access to other parts of Google’s internal network.
This attack vector was discovered by security researcher Thomas Orlita in February, this year, and has been patched in mid-April, but only now made public.