In the Manage Versions feature of Google Drive, it allows users to upload and manage different versions of a file to be stored and retrieved.
Google Drive maintains a version history of all the files you upload or create within the application.
According to a system administrator, A. Nikoci,via The Hacker News, a flaw in this Manage Versions feature could let hackers get away with the opportunity to swap an authentic file stored in a user’s drive, with a malware of the same file type.
The process has been demonstrated for awareness by Nikoci in three videos.
The file storage service supposedly does not check if the online preview of the file is of the same version as that stored in Google Drive. Seemingly harmless files may turn out to be malicious.
As Google Drive does not flag it, users might not be aware about this file until they install it.
This loophole could prompt hackers to initiate phishing attacks fooling users into allowing malware access to systems owned by them.
Also, Google’s browser Google Chrome by default, trusts Drive downloads even if third-party anti-virus packages flag the issue.
This loophole hasn’t been patched by Google yet after it was notified.
On an unrelated note, Gmail and other GSuite applications faced a disruption in their services last week.