by latexr 927 days ago
Ultimately you may find that the best course of action is to publish your findings to the wider web. You reported it to the ones who can fix it and they dismissed it as unimportant, thus they are signaling to you there is no harm in talking about it.

So let everyone else know. Either people will agree with Google and this wasn’t a big issue, or they’ll agree with you and criticise Google. From the latter, either they will fix it or they won’t but everyone else wins because they either know to not trust Google because of a known vulnerability or the problem will no longer be.

But keeping this a secret for long will be harmful. If you found it, bad actors can too. For all we know this is being exploited today.

1 comments

Yeah, I would try and find a reputable security researcher -- ideally, somebody that has done this type of work before -- and report the issue to them. They can then perform due diligence & official disclosure.