Google Chat - Security UI Flaw

Most of you might know Google Chat, a platform made by Google to communicate with other users. Recently, I’ve come across a security UI flaw that exploits links. A malicious actor could insert a malicious link over the original URL. The user would then be redirected to a phishing page or any other malicious link. In this example, I will use Canary Tokens.
Embeds:
Embeds on Google Chat often look like this:
YouTube

Google Drive

Security UI Flaw 🚨
A malicious actor could exploit the link feature in Google Chat. A malicious link could be inserted over the original URL, and the message would still embed the original URL, as in the example below:

However, it would redirect to a different page. For example:

Ta-daa! Your personal information leaked 🪄
This is only an example of an IP log. However, malicious actors could utilize phishing tactics such as a Google login page.

Why is this bad? ⚠️
This is bad because unsuspecting individuals are vulnerable to social engineering tactics. Google is aware of this and is closely monitoring this bug. Google should utilize pop-ups like this:
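
A warning pop-up of this kind needs a trigger. The following is an added example, not code from the original post or from Google: a check a chat client could run on each link, warning when the visible text reads as a URL whose host differs from the real target. The function names and sample URLs are hypothetical.

```javascript
// Added example: flags links whose visible text names one host but whose
// target points at another. All names here are hypothetical.

// Parse text as a URL only if it looks like one (scheme or bare domain).
function parseDisplayedUrl(text) {
  const t = text.trim();
  if (/\s/.test(t)) return null;                 // ordinary words, not a URL
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(t) ? t : "https://" + t;
  try {
    const u = new URL(withScheme);
    // Require a dotted hostname so "hello" is not treated as a host.
    return u.hostname.includes(".") ? u : null;
  } catch {
    return null;
  }
}

// Returns a verdict the client can use to decide whether to show a warning.
function checkLink(displayText, href) {
  let target;
  try {
    target = new URL(href);
  } catch {
    return { warn: true, reason: "unparseable-target" };
  }
  if (!["http:", "https:"].includes(target.protocol)) {
    return { warn: true, reason: "non-web-scheme" };
  }
  const shown = parseDisplayedUrl(displayText);
  if (!shown) return { warn: false, reason: "text-is-not-a-url" };
  // new URL() lowercases and punycodes hostnames, so compare them directly.
  if (shown.hostname !== target.hostname) {
    return { warn: true, reason: "host-mismatch",
             shown: shown.hostname, actual: target.hostname };
  }
  return { warn: false, reason: "host-match" };
}

// Constructed sample messages (example.test is a reserved test domain).
const samples = [
  ["https://www.youtube.com/watch?v=abc", "https://www.youtube.com/watch?v=abc"],
  ["https://www.youtube.com/watch?v=abc", "https://tracker.example.test/t/123"],
  ["drive.google.com/file/d/1", "https://drive.google.com.example.test/file/d/1"],
  ["click here", "https://tracker.example.test/t/123"],
];
for (const [text, href] of samples) {
  console.log(text, "->", href, checkLink(text, href));
}
```

The comparison is on the full hostname, so a lookalike such as `drive.google.com.example.test` is flagged even though it begins with the trusted name.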
