|
|
|
|
|
|
by IWentToTheWoods
4881 days ago
|
|
|
Yes, it uses googledrive.com, but not for anything user-identifiable. The threat is that a user logs in to googledrive.com and receives an authentication cookie tied to their Google account. Later, they view a malicious user page at googledrive.com/host/someevilpage, and a script on that page reads the authentication cookie and sends it to the attacker, who can now log in to googledrive.com as the victim. That doesn't happen here because you don't actually log in to googledrive.com. The worst a malicious script could do is harvest data set by other scripts, and that's a drastically smaller (although still present) threat. |
|
|