XSS in Google Search
In these videos from 2019, LiveOverflow explores an XSS vulnerability found in Google Search by the bug bounty hunter Masato.
The first video demonstrates how the XSS Masato found on google.com works – by abusing a difference in parsing behavior observed when comparing JavaScript-enabled and -disabled contexts.
The second video takes a deep dive and looks at why Masato was able to discover this XSS and how this bug and the research it involved can serve as an example of security research in general.
XSS on Google Search – Sanitizing HTML in The Client? – ft. LiveOverflow & Masato
How did Masato find the Google Search XSS? – ft. LiveOverflow & Masato