After 5 months of informing Google about a way to manipulate Googlebot into executing JavaScript on other people’s websites, where Google can and will index the resulting changes, including links, Tom Anthony decided to publish the details publicly, since Google didn’t take action.
Google told us at Search Engine Land “We appreciate the researcher bringing this issue to our attention. We have investigated and have found no evidence that this is being abused, and we continue to remain vigilant to protect our systems and make improvements.”
Yea – okay, well, now they need to go fix it. It is sad to hear that they have known about this for 5 months and have yet to fix it. It reminds me of when they knew about the knowledge panel exploit for years and didn’t fix that until it became a huge issue.
Here are some tweets about this from folks in the industry:
Amazing Google vulnerability exposed by @TomAnthonySEO, which can be exploited for SEO
“XSS attacks on Googlebot allow search index manipulation”
Most interesting is they don’t seem interested in fixing it. Does this mean Googlebot is ditching Chrome 41? https://t.co/a48mTXhGN1 pic.twitter.com/JC8nnmbwOk
— Cyrus (@CyrusShepard) May 2, 2019
Yikes. Better make sure your sites are protected, especially if you’re a likely link or content injection target. Thanks to @TomAnthonySEO for the transparency: https://t.co/9UDbiQ620C pic.twitter.com/sTzFKyBD2C
— Rand Fishkin (@randfish) May 1, 2019
Nice write up. With regards the disclosure… I believe releasing it is the best course of action. Google confirmed it was not going to be fixed and the only way for people to protect themselves is to know about it. Google reviewed my post before it was released.
— Tom Anthony (@TomAnthonySEO) May 2, 2019
Tom goes through how to accomplish this on his blog in detail, and I suspect Google will now have to race to fix the issue before some take advantage of it – if Google is telling the truth that no one has yet used this method. Of course, webmasters should make sure their sites are protected against XSS exploits, but there are lots of websites out there that probably are not.
Forum discussion at Twitter.
This marketing news is not the copyright of Scott.Services – please click here to see the original source of this article. Author: barry@rustybrick.com (Barry Schwartz)
The post 5 Months Later Google Has Not Fixed A Googlebot Search Exploit appeared first on Scott.Services Online Marketing News.
source https://news.scott.services/5-months-later-google-has-not-fixed-a-googlebot-search-exploit/