Recently I read Detectify Labs post about Using Google Cloud to Bypass NoScript.
So I try to test this method on ScriptBlock plugin for Chrome.
googleapis.com domain is whitelisted by default.
Proof of Concept:
Use Google Cloud Storage for storing files which bypass ScriptBlock. For example this one created by Mathias Karlsson.
- 07-07-2015: Discovered
- 07-07-2015: Vendor notified
- 08-08-2015: New version released, issue resolved