• epyon22
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 months ago

    It’s based on security hole in what I’m interpreting as a web API. You leverage a legitimatly logged in Google account on a malicious website and this web endpoint gives you keys to everything else