5 Months Later Google Has Not Fixed A Googlebot Search Exploit

May 3, 2019 • 8:19 am | Filed Under Google Search Engine
 

Five months after informing Google about a way to manipulate Googlebot into executing JavaScript on other people's websites, where Google can and will index the resulting changes, including links, Tom Anthony decided to publish the details publicly, since Google didn't take action.

Google told us at Search Engine Land, "We appreciate the researcher bringing this issue to our attention. We have investigated and have found no evidence that this is being abused, and we continue to remain vigilant to protect our systems and make improvements."

Yea - okay, well, now they need to go fix it. It is sad to hear that they have known about this for 5 months and have yet to fix it. It reminds me of when they knew about the knowledge panel exploit for years and didn't fix that until it became a huge issue.

Here are some tweets about this from folks in the industry:

Tom goes through how to accomplish this on his blog in detail, and I suspect Google will now have to race to fix the issue before some take advantage of it, if Google is telling the truth that no one has yet used this method. Of course, webmasters should make sure their sites are protected against XSS exploits, but there are lots of websites out there that probably are not.

Forum discussion at Twitter.
