A Google employee used an exploit to make it possible to access a user’s personal data without their knowledge or consent, according to a blog post published today by a researcher at the University of Wisconsin-Madison.
Google used an “in-browser exploit” to obtain user cookies and other data, which were not stored on the website, according the post, published on the university’s blog.
The exploit allowed the attacker to access user data without a password or other authentication, and to upload and download data for analysis, the blog said.
Google told the UW-Madison researcher it is aware of the vulnerability and has implemented “several fixes” to address it.
Google said it was not aware of any other publicly known attacks.
The company added that it is committed to protecting users’ data and said it is working with the UW and the U.S. Federal Trade Commission on ways to strengthen protections for privacy.
In its blog post, Google acknowledged that the vulnerability has been exploited in the past and noted that it has improved protections in its software.
The company said it would not share information about specific users or organizations unless specifically asked by law enforcement or law enforcement agencies.
Google noted that many people use social media and other sites, and its products are available to people around the world.
Google said the vulnerability is likely to affect more than 100 million people worldwide, including many users in the United States.
The UW-Milwaukee post did not specify whether the researcher used the same exploit that was used in the previous post, but a researcher using the same flaw in Google’s Chrome browser earlier this year said he had exploited the same vulnerability to access personal information of more than 150 million people.