Google allows attackers to retrieve the profile picture of accounts if they know... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tinus_hn on Jan 18, 2022 \| parent \| context \| favorite \| on: Same-origin violation vulnerability in Safari 15 c... Google allows attackers to retrieve the profile picture of accounts if they know the account name, which they can retrieve using this bug.

sa1 on Jan 18, 2022 [–]

Which sounds, like they are meant to be public? If the user has already been identified, public info can’t be expected to be secret anymore.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact