This will bring to the fore all the things that Google does that folks think about as normal features but take lots of investments to get right. Google would never have a security lapse like this one.
In terms of easy AuthZ bypasses from Microsoft, the Azure OMIGOD vulnerability [0] comes to mind, aka "CVE-2021-38647 - Remote Code Execution - Remove the Authentication header and you are root."
To be fair to Microsoft, Apple also had one of these (although it only affected your local machine) with CVE-2017-13872 which let you become root by entering the username "root," clicking into the empty password field, and pressing Submit. [1]
I'll repeat my comment from upthread: authorization is hard!