• epyon22@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    It’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else