0
6/10
vulnerability
Clickjacking vulnerability in Google Docs where the absence of X-Frame-Options headers allows embedding the service in iframes, enabling attackers to trick users into activating voice typing and recording private conversations via microphone permissions.
clickjacking, google-docs, x-frame-options, iframe-injection, microphone-access, voice-typing, web-security, privacy-violation, google-vrp
Google Docs
Raushan Raj
0
5/10
bug-bounty
Security researcher reports six clickjacking vulnerabilities across Google services (Play Store, Payments, Docs Picker, Sites) totaling $14,981.70, exploiting improper X-Frame-Options/CSP configurations and open redirects to enable unauthorized user actions like unintended subscription charges, account compromise, and private content exposure.
clickjacking, x-frame-options, csp-bypass, open-redirection, google-play, google-payments, google-docs, google-sites, youtube, frame-ancestors, bragging-post
Google Play, Google Payments, Google Docs Picker, Google Sites, YouTube
Raushan Raj