An unresolved security weakness in Google Drive can be exploited by software attackers to distribute malicious files disguised as normal documents or images targeting users, thereby allowing users to allowing them to deploy large-scale phishing attacks with a fairly high rate of success.
With that said, this is a vulnerability that Google has confirmed, but as of now it has not been patched. This vulnerability exists in the “manage versions” function of Google Drive, which is designed to allow users to upload and manage different versions of a file, as well as the interface. latest for users.
Logically, manage versions will allow Google Drive users to update the old version of the file to the new version with the same extension, but not quite. According to A. Nikoci, a professional system administrator who reported the vulnerability to Google and then revealed the details to The Hacker News, in terms of functionality, the vulnerability in manage versions allows users to upload the latest version of the currently archived files with any extension that does not have the specific resemblance to the original design, even with a malicious executable.