[brutusurp]

Quite sure I reported this JS vulnerability to Google in of December 2022. I also detailed it in a report to SEC. And I kept reporting the issue to Google teams, to which they responded for me to "check their privacy and security docs." See also https://news.ycombinator.com/threads?id=burna_aws_acct, where I commented about it on HackerNews.

But yea, give credit to Clement Lecigne of Google's Threat Analysis Group (TAG), Google's own team. This isn't the first time they've done this either.

Just lost even more respect for that entire operation at Google. So whack.

Off to make another HN account, since I just burned this one...