A critical vulnerability has been uncovered in Google that could allow an attacker to access the internal files of Google’s production servers.
Sounds ridiculous but has been proven by the security researchers from Detectify.
The team of researchers found a loophole after they noticed that Google Toolbar Button Gallery allows users to customize their toolbars with new buttons. So, for the developers, it is easy to create their own buttons by uploading XML files containing metadata for styling and other such properties. This feature of Google search engine is vulnerable to XML External Entity.Read more