Back in Oct. 2015, Google announced the Accelerated Mobile Pages (AMP) project, developed mainly to enhance mobile web performance. In February 2016, the first AMP pages were delivered to users. Adobe reported that US publishers saw a seven percent increase in total traffic across all platforms because of Google AMP within the year of its launch.
AMP4Email brings engaging and dynamic content to the Gmail user's inbox. It promises the kind of dynamic interaction that we are all used to from smartphone apps, but within email correspondence. The only problem is that, according to Bentkowski, the feature also gave hackers the possibility of launching a cross-site scripting attack.
Cross-site scripting (XSS) is a recurrent and obstinate issue in secure development. In this case, the XSS vulnerability in Google's AMP4Email allows attackers to deploy malicious scripts inside the web application. The security researcher discovered the vulnerability in Gmail's AMP4Email implementation and describes it as a real-world exploitation of a prevalent browser issue, which he refers to as DOM Clobbering.
The search engine giant is taking the vulnerability seriously and called the discovery awesome. Bentkowski reported his discovery through the Google Vulnerability Reward Program last Aug. 15. Google reportedly confirmed its receipt on Oct. 12. Forbes said that the security researcher received $5,000 (£3,895) as a reward from the search engine giant.