Google Drive is said to have a loophole through which the hackers can upload malicious files into one’s computer. The bug has been disclosed to the Google officials. The bug is said to be in the manage versions feature of Google drive. The feature is used to upload and manage different variations of file. Through the feature, users are able to see the changes that are made in their files and they are also able to track the changes.
The loophole in the function is that it allows the user to upload a new version for an existing file with any file extension. The users can also load that file on cloud storage. This loophole can lead to a malicious file uploading in the cloud storage.
All this information was shared by system administrator namely A Nikoci. He also went ahead and shared a demo video of the so-called attack. The users of Google drive can unknowingly install dangerous files in their computers. Chrome also does not show any malware suspicion in the files.
A Nikoci warns the user about the spear-phishing attack that can take place due to this Google drive bug. People can click on links which can result in them opening dangerous attachments. Also, there is a risk of clicking on malware-laden links. However, Chrome does not even issue any warning while people are downloading files from Google drive. No security warning is issued while people have downloaded Google drive files. This loophole can lead to leaking of confidential information or spyware or any other dangerous software getting installed in the user’s device.
Another researcher Allison Husain claimed that there was a bug in Gmail and G suite email service. This bug can allow hackers to send spoofed emails on behalf of any Gmail or G suite user. However, Google has already worked on this bug and have already solved it.