Oren Hafif, a security researcher, has discovered a critical vulnerability in the password reset process of Google accounts that allows an attacker to hijack any account.
He managed to trick Google users into handing over their passwords via a simple spear-phishing attack by leveraging a number of flaws, namely cross-site request forgery (CSRF), cross-site scripting (XSS), and a flow bypass.