A member-only article on Kumawat Bhijeet’s LinkedIn page details how the Google Maps platform was subject to a potentially harmful HTML injection vulnerability.
The bug was discovered by Sagar Jondhale, and allows malevolent actors to inject malicious code into the Google Maps platform.
The vulnerability occurs within the Google Maps chat function, whereby users can send messages to businesses.
A specific HTML payload can be embedded within these messages and, upon receipt, the business owner will see the malicious code rendered in the email client.
This is a result of improper input filtering and handling, and highlights the fact that core software functions such as sanitising user input is vital for overall security integrity.
Those concerned that this vulnerability could be exploited for malicious purposes should ensure strict security measures, such as endpoint security and virtual private networks, are in place.