A security researcher has identified a critical vulnerability in Google’s account recovery system that could have allowed attackers to obtain the phone numbers of Google users by exploiting an outdated recovery mechanism that functioned without newer JavaScript protections.
How was the vulnerability exploited?
It turns out that Google’s username recovery form still worked with JavaScript disabled, and in that mode it circumvented the modern bot protections implemented for other services since 2018.
Accordi