This bug was found by David Schütz.
Check out his write up on his blog: [ Ссылка ]
This bug that existed in Google's backend API allowed an attacker to watch a private video on youtube without having the required permissions. The attacker can view the youtube video by stealing it one frame at a time.
This bug existed in an embedded YouTube player on Google Ads. The Google Ads feature "Moments" was exploited to steal individual thumbnails (or frames) of any private video, which can be combined to form the video.
Google awarded 5000$ reward for this discovering this bug to the author David Schütz.
Join my Discord Server: [ Ссылка ]
Follow me on Instagram: [ Ссылка ]
Follow on Twitter: [ Ссылка ]
Website: [ Ссылка ]
Blog: [ Ссылка ]
