Security Bug in Gmail attachment

By | April 22, 2014

 Feel good feeling,  when Google fixes the bug you report 🙂 🙂

Few months back , while opening one of my bank statement received on gmail, which is sent to customers on a monthly basis, i felt that its not secure the way it was shown to me. The pdf that sent was password protected. So there was no problem from Bank side as anyone other than the person who knows the password will not be able to open it. Problem was with Gmail doc viewer.

Gmail Security Flaw
Below are some snapshots of the mail chain exchange between myself & Google.

What is a security bug ?

A security bug or security defect is a software bug that benefits someone other than intended beneficiaries in the intended ways.(source wiki)
                                Secure your personal gmail , facebook & yahoo accounts

How i found this ?

I was checking my mails normally(without any intention of testing gmail) and while opening the Citibank statement, i found someone was standing behind me, and the password i was typing was visible.

First Mail sent to security team @ Google

 

How to report it to Google ?

I sent a mail to security@google.com(found by Googling). Wow i got a reply from it with this link, Vulnerability Submission Form for Google Products. Google pays you if you find some serious bugs Google Reward Program
                                             Earn online by Testing 

Was my bug accepted ?

Initial mail chain, they did not accepted , but later Google considered it a low priority bug and told they will take it later on.
First reply from Google and my answer back

 

Was security bug fixed ?

Yes finally Google fixed it, so when you open a password protected pdf now, your password wont be visible but you will see ***. So i feel proud whenever i open my bank statement that it was a problem which was corrected, though they did not rewarded.
Reply from Security Team @ Google
Last Mail Exchanged

Feedback is very important in day to day life. If we don’t give feedback we don’t have the right to complaint,i would recommend everyone to take some time(few seconds) and give feedback to all the services we are using. If even 50% people starts doing this we will see perfect products.

Current Gmail pdf secured attachment behavior

You can leave comments below as your feedback to help me improve this blog.
Don’t forget to subscribe to us to get latest updates in your mail box.

Leave a Reply

Your email address will not be published. Required fields are marked *