Oh, Google knows. They don't seem to care. At all.<p>I can share some of what Google told me:<p>- Have you read our privacy and security resources?<p>- Have you updated your password?<p>- If you think that a crime has been committed, contact your local law enforcement.<p>- Please use Google Help Centers if you need help with a Google product.<p>So, you know, I took their advice. I contacted federal agencies and cybersecurity investigators. I detailed the vulnerabilities, and how each vulnerability is being exploited in multiple ways. Why? Over 2 billion people are impacted by Google's negligence on this. Because Google Search is the default for iPhone Safari browser, the blast radius is even greater. So, Google is poisoning Google and Apple (and every other service that uses Google Search).<p>It's Google's arrogance about their own negligence that was most shocking to me. I just didn't expect it. I sincerely believed Google maintained a baseline that was above this mark. Joke's on me.<p>It'd be great if Google employees were required to take their own cybersecurity training on Coursera. Additionally, if Google could update their unit testing and integration testing regiments to include testing for these vulnerabilities (to ensure they are not reintroducing them), across services such as Search and Ads and JS and Tagger, that'd be... expected from a top corporation such as Google.<p>Additionally, if any Google employees can offer more meaningful guidance on how to report ongoing security vulnerabilities beyond the fluff I've been given please do share. I'm happy to file a formal report.
they DO, actually - compared to others (meta, for eg). they have bounty hunter rewards, all kinds of new developments. at least you can actually GET to a human response of some sort. but yes - when the "system" favours monopols, dont expect too much battling over your patronage