We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google says Docs flaws are not critical

Search engine considering changes to software

Google has claimed that three flaws in its Docs office suite, which were identified last week, are far from critical.

Google Docs is a free, standalone product, as well as a component in the broader collaboration and communication suite Google Apps, which comes in free and fee-based versions and is designed for workplace use.

In a blog, Jonathan Rochelle, Google Docs' product manager, said its investigation into the flaws had shown the concerns "do not pose a significant security risk to users".

Ade Barkah, the founder of enterprise application consultancy BlueWax identified the flaws last week. According to Barkah, one of the flaws allows images to be accessible even if a document has been deleted or the sharing rights have been revoked while the second flaw enables users to see all versions of an image that's been modified. Barkah also found a third problem but is not releasing details on it just yet.

Rochelle said images are kept independently of the documents in which they appear for fear that deleting them would break references to them in other documents and external blogs.

"In addition, image URLs are known only to users who have at some point had access to the document the image is embedded in, and could therefore have saved the image anyway - which is fully expected," he said.

Ultimately, document owners can request that images be purged from their account by sending an email to Google's support team at [email protected]

"We may consider explicitly preventing viewers from accessing drawing revisions," Rochelle said in regards to the second flaw.

"For now, if document owners decide they don't want viewers to have access to their revisions, they can simply make a new copy of the document - from the File menu - and share that new version. The revision history of both the document and all embedded drawings is removed in copies of documents."

Google's conclusions aren't a surprise. Hours after Barkah published his report, Google responded with a preliminary statement saying it was investigating the matter but that it didn't believe there were significant security issues with Docs.

Nonetheless, Google evidently sees some merit in Barkah's report. Google has added information regarding Barkah's observations to its Docs 'help' pages about creating drawings and about adding viewers and collaborators to documents.

"We are also exploring alternative design options that might further address the concerns. We'd like to thank the researcher for sharing his concerns with us," Rochelle said.

Following Google's investigation, Barkah indicated that he's not done with his security analysis of Google Docs. "At this time, new details and test scenarios are still emerging. I appreciate the excellent feedback I'm receiving from Google Security. I am continuing to share my most recent findings with them, and will be able to comment further once our analysis is complete," he said.

Earlier this month, Google acknowledged that a glitch in Docs caused some documents to be exposed to users without proper permission. The problem occurred among users who had previously shared documents. The company said it affected fewer than 0.05 percent of documents.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia