I want to report a technical security bug or an abuse-risk-related bug in a Google product (SQLi, XSS, etc.)


Are you a security researcher and want to report an issue you discovered? Go to g.co/vulnz.

Did you know?

Around 90% of reports we receive describe issues that are not security vulnerabilities, despite looking like one. For example:

  • I'm receiving e-mail messages addressed to another user with a similar name.
    It's most likely a typo made by that other person (please note that bob.foo@gmail.com is actually the same account as bobfoo@gmail.com). Go ahead and read this article for an explanation; it's not a bug.
  • XSS in translate.googleusercontent.com or yourblog.blogspot.com
    These are examples of sandbox domains created specifically to ensure that XSS there does not pose a risk to our users. It's not a vulnerability.

But there's more! If you're a security researcher, make sure to look at the list available on our Bughunter University before continuing.



Further resources:

  • For information on how to protect yourself and your personal information, please visit our guide to staying safe online at https://www.google.com/goodtoknow/
  • To find answers to many common questions and concerns about privacy and user data related to any Google product or service, please visit our Privacy Troubleshooter.