bug-bounty501
xss260
rce142
google122
malware119
facebook118
bragging-post118
account-takeover112
privilege-escalation110
microsoft100
open-source97
authentication-bypass93
exploit89
csrf83
cve79
access-control77
stored-xss75
phishing72
ai-agents66
web-security66
reflected-xss63
input-validation53
reverse-engineering52
information-disclosure51
sql-injection51
tool51
cross-site-scripting50
api-security50
smart-contract49
privacy48
defi48
ai-security47
ethereum46
vulnerability-disclosure45
apple44
ssrf44
supply-chain43
opinion40
web-application39
llm39
writeup38
automation38
web337
burp-suite37
responsible-disclosure36
dos35
race-condition35
remote-code-execution35
smart-contract-vulnerability33
html-injection33
0
7/10
vulnerability
Googlebot, based on Chrome 41, lacks XSS protection and executes JavaScript in URLs, allowing attackers to inject malicious content, manipulate search index directives (canonicals), inject links that are crawled and indexed, and ultimately manipulate PageRank and search rankings. The researcher disclosed this zero-day to Google in November 2018, which remained unpatched as of publication.
xss
cross-site-scripting
googlebot
search-engine-manipulation
seo-attack
javascript-injection
pagerank-manipulation
google-chrome
web-crawler
vulnerability-disclosure
link-injection
canonical-manipulation
Googlebot
Google Chrome 41
Tom Anthony
Distilled
Robin Lord
Revolut
Google Mobile Friendly Tool
Google Website Rendering Service (WRS)
Google URL Inspector Tool
Sam Nemzer
Joel Mesherghi
OpenBugBounty
Majestic Million