XSS security hole in Gmail’s dynamic email

Naked Security

Did Android users celebrate loudly when Google announced support for Accelerated Mobile Pages for Email (AMP4Email) in its globally popular Gmail service in 2018?

Highly unlikely. Few will even have heard of it, nor have any idea why the open source technology might improve their webmail experience.

They might, however, be interested to learn that a researcher, Michał Bentkowski, of Securitum, recently discovered a surprisingly basic security flaw affecting Google’s implementation of the technology.

Full article