Google has an internal platform called Google Issue Tracker that tracks a list of bugs and unpatched vulnerabilities, but that platform itself had a bug that allowed one security researcher to access anything on the list, reports Motherboard. This would have permitted someone to view all of Google’s requested features and unpatched bugs, potentially allowing hackers to exploit the information. Google has since patched the flaw.

Security researcher Alex Birsan was able to access that information by using a function that allows external researchers to unsubscribe from email lists about particular issues. Once unsubscribed, the system would then send details of the bug in a final response. The system assumed the user had permission in the…

Continue reading…