bug-bounty502
xss260
rce143
google123
malware119
bragging-post118
facebook118
account-takeover112
privilege-escalation107
microsoft100
open-source97
exploit92
authentication-bypass90
csrf83
cve79
access-control77
stored-xss75
phishing72
ai-agents66
web-security64
reflected-xss63
input-validation52
reverse-engineering52
information-disclosure51
sql-injection51
tool51
cross-site-scripting50
api-security49
smart-contract49
privacy48
defi48
ai-security47
ethereum46
vulnerability-disclosure45
apple44
ssrf44
supply-chain44
opinion40
web-application39
llm39
writeup38
automation38
burp-suite37
web337
responsible-disclosure36
race-condition35
dos35
remote-code-execution35
smart-contract-vulnerability33
credential-theft33
0
7/10
vulnerability
Googlebot, based on Chrome 41, lacks XSS protection and executes JavaScript in URLs, allowing attackers to inject malicious content, manipulate search index directives (canonicals), inject links that are crawled and indexed, and ultimately manipulate PageRank and search rankings. The researcher disclosed this zero-day to Google in November 2018, which remained unpatched as of publication.
xss
cross-site-scripting
googlebot
search-engine-manipulation
seo-attack
javascript-injection
pagerank-manipulation
google-chrome
web-crawler
vulnerability-disclosure
link-injection
canonical-manipulation
Googlebot
Google Chrome 41
Tom Anthony
Distilled
Robin Lord
Revolut
Google Mobile Friendly Tool
Google Website Rendering Service (WRS)
Google URL Inspector Tool
Sam Nemzer
Joel Mesherghi
OpenBugBounty
Majestic Million