Researchers have unveiled a new bug in Google maps that has opened doors for cross-site scripting attacks.
The initial vulnerability stemmed from a Google Maps function that allows users to create their own map. After building the map, users can export it in several formats. One of those formats is Keyhole Markup Language (KML), an XML-like format for expressing geographic annotation and visualization within 2D maps.
Upon exporting the map server response contained a CDATA tag. CDATA tags indicate that a certain portion of the document is general character data and makes sure that the code wouldn’t be rendered by the browser. However, by adding special characters, the CDATA tag can be easily “closed.”
Hacker are reported to exploit this bug by forwarding the map download link to their targets. Once the map is downloaded the attack is launched over the target. Google reported about fixing the bug with a patch which was again bypassed by the researchers to prove the vague effort.
NPAV recommends users to keep their guard up against these cyber attacks. Users must refrain from downloading any document or file from untrusted sources as they may contain backdoor for cyber attacks which can be used to infect your system and network.
Installl NPAV on your devices to keep them protected from all kinds of cyber attacks. Use NPAV and join us on a mission to secure the cyber world.