Vulnerability reporters sometimes report issues related to the ability to log out Google users by navigating their browser to a particular URL. In some ways, this behavior is undesirable, but we believe that it cannot be reliably addressed on the modern web: for example, malicious websites may also simply overflow the browser cookie jar and drop your authentication cookies for other websites on the internet.

Conclusion

If you report this kind of "logout CSRF", we won't file a bug based on your report, as we do not prioritize it as a security risk.

Note: The team at Google that maintains our authentication infrastructure is aware of this issue and is likely to revisit the current approach if more robust and resilient authentication mechanisms emerge and gain traction on the web.