I want to report a technical security or an abuse risk related bug in a Google product (SQLi, XSS, etc.)


Are you a security researcher and want to report an issue you discovered? Go to g.co/vulnz.

Did you know?

Around 90% of reports we receive describe issues that are not security vulnerabilities, despite looking like one. For example:

  • I'm receiving e-mail messages addressed to another user with a similar name.
    It's most likely a typo made by that other person (please note that bob.foo@gmail.com is actually the same account as bobfoo@gmail.com). Go ahead and read this article for an explanation, it's not a bug.
  • XSS in translate.googleusercontent.com or yourblog.blogspot.com
    These are examples of sandbox domains created specifically to ensure that XSS there does not pose a risk to our users. It's not a vulnerability.
  • And there's lots more! If you are a security researcher, make sure to look at the articles on "Invalid reports" available on our Bug Hunter University before reporting an issue.


Further resources:

  • For information on protecting yourself and your personal information, please visit our Safety Center for tips on staying safe online. 
  • To find answers to many common questions and concerns about privacy and user data related to any Google product or service, please visit our Privacy Help Center.


Clear search
Close search
Google apps
Main menu
Search Help Center