Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process.
Attackers can add an arbitrary page to the end of a Google login flow that can steal users’ credentials, or alternatively, send users an arbitrary file any time a login form is submitted, due to a bug in the login process.