5 Months Later Google Has Not Fixed A Googlebot Search Exploit

Tom Anthony after 5 of informing about a way to manipulate Googlebot to execute Javascript on other people’s websites where can and will index those changes, including links, he decided to publish the details publicly, since didn’t take action.

Google told us at Engine Land “We appreciate the researcher bringing this issue to our attention. We have investigated and have found no evidence that this is being abused, and we continue to remain vigilant to protect our systems and make improvements.”

Yea – okay, well, now they need to go fix it. It is sad to hear that they have known about this for 5 months and have yet to fix it. It reminds me of when they knew about the knowledge panel for years and didn’t fix that until it became a huge issue.

Here are some tweets about this from folks in the industry:

Tom goes through how to accomplish this on his blog in detail and I suspect Google will now have to race to fix the issue before some take advantage of it – if Google is telling the truth that no one has yet used this method. Of course, webmasters should make sure their sites against XSS exploits but there are lots of web sites out there that probably are not.

You might also like More from author

Leave A Reply

Your email address will not be published.