bug-bounty497
xss260
rce139
google120
bragging-post118
facebook117
malware116
account-takeover112
privilege-escalation111
microsoft99
open-source97
authentication-bypass96
csrf84
exploit83
access-control77
stored-xss75
cve74
phishing72
web-security67
ai-agents66
reflected-xss63
input-validation53
information-disclosure52
reverse-engineering52
ai-security51
tool51
sql-injection51
cross-site-scripting50
api-security50
smart-contract49
privacy48
defi48
ethereum46
vulnerability-disclosure45
apple44
ssrf44
supply-chain41
opinion40
web-application39
llm39
automation38
burp-suite37
web336
responsible-disclosure36
writeup36
credential-theft35
race-condition35
remote-code-execution35
dos34
smart-contract-vulnerability33
0
7/10
vulnerability
Googlebot, based on Chrome 41, lacks XSS protection and executes JavaScript in URLs, allowing attackers to inject malicious content, manipulate search index directives (canonicals), inject links that are crawled and indexed, and ultimately manipulate PageRank and search rankings. The researcher disclosed this zero-day to Google in November 2018, which remained unpatched as of publication.
xss
cross-site-scripting
googlebot
search-engine-manipulation
seo-attack
javascript-injection
pagerank-manipulation
google-chrome
web-crawler
vulnerability-disclosure
link-injection
canonical-manipulation
Googlebot
Google Chrome 41
Tom Anthony
Distilled
Robin Lord
Revolut
Google Mobile Friendly Tool
Google Website Rendering Service (WRS)
Google URL Inspector Tool
Sam Nemzer
Joel Mesherghi
OpenBugBounty
Majestic Million