Google Cloud Print ClickJacking Vulnerability

Last weekend, I had a chance to use the Google Cloud Print service and found a clickjacking vulnerability. Obviously, the X-Frame-Options response header was missing, as shown in the image below.

According to the new Google bug bounty program, a clickjacking vulnerability that is performed using two clicks will not be considered for the VRP or as a bug. That’s why this vulnerability is not considered by the Google Security team.

As this vulnerability doesn’t matter to Google, we would like to release the clickjacking vulnerability POC publicly. The working POC can be viewed here.
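The missing X-Frame-Options header described above is something a site owner can check for directly. The following JavaScript is an added example, not part of the original post: it classifies a response's framing protection from its headers, also taking the CSP frame-ancestors directive into account. The function names and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: classify a response's anti-framing protection from its headers.
// All header sets below are constructed samples, not captured from a real service.

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// headers: plain object of response headers (names matched case-insensitively).
// Returns "blocked", "same-origin", "restricted" or "frameable".
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Browsers that support frame-ancestors enforce it and ignore X-Frame-Options.
  const fa = frameAncestors(h["content-security-policy"]);
  if (fa !== null) {
    const src = fa.map((s) => s.toLowerCase());
    if (src.length === 1 && src[0] === "'none'") return "blocked";
    // "*" or a bare scheme such as "https:" lets any site on that scheme frame the page.
    if (src.some((s) => s === "*" || /^https?:$/.test(s))) return "frameable";
    if (src.length === 1 && src[0] === "'self'") return "same-origin";
    return "restricted"; // an explicit allow-list of origins
  }

  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return "same-origin";
  // Missing, invalid, or the obsolete ALLOW-FROM value: current browsers apply no restriction.
  return "frameable";
}

// Constructed sample responses, from no protection to full protection.
const samples = [
  { "Content-Type": "text/html" },
  { "X-Frame-Options": "ALLOW-FROM https://partner.example" },
  { "X-Frame-Options": "SAMEORIGIN" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
];
for (const s of samples) console.log(JSON.stringify(s), "=>", framingPolicy(s));
```

A result of "frameable" means the page can be embedded by any origin; sending `X-Frame-Options: DENY` or `Content-Security-Policy: frame-ancestors 'none'` moves it to "blocked".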