Summary: Researcher Brutecat has identified two critical vulnerabilities in the YouTube platform that could allow attackers to link a user’s Gmail address to their YouTube account, enabling phishing attacks and account hijacking. The discoveries were made through an analysis of the Google People API and the Pixel Recorder application. Google has since acknowledged and patched the vulnerabilities, and the researcher received a total of ,633 in bug bounty rewards for this significant finding.
Affected: YouTube platform, Google services
Keypoints :
- Two vulnerabilities in YouTube could expose Gmail addresses of creators.
- Attackers could exploit these vulnerabilities for phishing campaigns and account hijacking.
- Google has patched the vulnerable systems following the researcher’s report and awarded a total of ,633 for the discovery.
Source: https://securityonline.info/google-pays-10633-for-youtube-security-vulnerabilities/
Views: 8