
Bug Hunter Discovers Google Keep Client-side DoS

On July 30, 2021, bug hunter Tommaso De Ponti uncovered a critical vulnerability in Google Keep, a widely used note-taking application. The vulnerability, a client-side Denial of Service (DoS), could block users from accessing their Keep notes.

During his investigation, De Ponti noticed an unusual behavior in Keep’s note functionality: a maximum character limit with accompanying filters to prevent misuse. However, he discovered that the character “Ⱦ” could bypass these filters, allowing for the insertion of an excessive number of characters into a note.

This discovery led De Ponti to develop a payload using the “Ⱦ” character to flood a Keep note with an overwhelming number of characters. Furthermore, by exploiting the note-sharing feature, he could distribute these malicious payloads to unsuspecting users, effectively blocking access to their Keep notes upon opening the shared note.

Despite the significant impact of the vulnerability, the bounty awarded by Google VRP to De Ponti was only $500, a relatively modest sum. Nevertheless, this discovery underscores the importance of rigorous security testing and ongoing efforts to protect digital platforms.

Looking ahead, De Ponti remains committed to sharing his findings and insights on cybersecurity, bug hunting, and related topics. His Twitter account serves as a valuable resource for knowledge sharing and collaboration within the cybersecurity community. Stay tuned for further updates and discoveries from this dedicated bug hunter.


Link to read full write up: here
