7/10
vulnerability
Googlebot, based on Chrome 41, lacks XSS protection and executes JavaScript in URLs. This allows attackers to inject malicious content, manipulate search index directives (canonicals), inject links that are crawled and indexed, and ultimately manipulate PageRank and search rankings. The researcher disclosed this zero-day to Google in November 2018; it remained unpatched as of publication.
xss
cross-site-scripting
googlebot
search-engine-manipulation
seo-attack
javascript-injection
pagerank-manipulation
google-chrome
web-crawler
vulnerability-disclosure
link-injection
canonical-manipulation
Googlebot
Google Chrome 41
Tom Anthony
Distilled
Robin Lord
Revolut
Google Mobile Friendly Tool
Google Website Rendering Service (WRS)
Google URL Inspector Tool
Sam Nemzer
Joel Mesherghi
OpenBugBounty
Majestic Million