Google Drive update to protect to shared links
June 27th, 2014 | Published in Google Online Security
Posted by Kevin Stadmeyer, Technical Program Manager
At Google, ensuring the security of our users is a top priority, and we are constantly assessing how we can make our services even more secure. We recently received a report via our Vulnerability Reward Program of a security issue affecting a small subset of file types in Google Drive and have since made an update to address it.
This issue is only relevant if all of the following apply:
Today’s update to Drive takes extra precaution by ensuring that newly shared documents with hyperlinks to third-party HTTPS websites will not inadvertently relay the original document’s URL.
While any documents shared going forward are no longer impacted by this issue, if one of your previously shared documents meets all four of the criteria above, you can generate a new sharing link with the following steps:
This issue is only relevant if all of the following apply:
- The file was uploaded to Google Drive
- The file was not converted to Docs, Sheets, or Slides (i.e. remained in its original format such as .pdf, .docx, etc.)
- The owner changed sharing settings so that the document was available to “Anyone with the link”
- The file contained hyperlinks to third-party HTTPS websites in its content
Today’s update to Drive takes extra precaution by ensuring that newly shared documents with hyperlinks to third-party HTTPS websites will not inadvertently relay the original document’s URL.
While any documents shared going forward are no longer impacted by this issue, if one of your previously shared documents meets all four of the criteria above, you can generate a new sharing link with the following steps:
- Create a copy of the document, via File > "Make a copy..."
- Share the copy of the document with particular people or via a new shareable link, via the “Share” button
- Delete the original document