A Chrome DevTools extension showcasing a security vulnerability in Google Meet breakout rooms.
This project is purely for educational and research purposes. Do not use this code maliciously.
This vulnerability was discovered after a basic foray into how the Google Meet breakout room system works. The breakout rooms feature has almost no security implementations, and any that are in place are extremely easy to bypass. It can be assumed that Google hastily developed this feature to compete with Zoom for virtual learning. Still, the lack of permissions and necessary checks is borderline negligible from a security perspective. This vulnerability was submitted to the Google Vulnerability Reward Program and fixed accordingly.
Mitch Zakocs โ [email protected]
Distributed under the MIT License. See LICENSE
for more information.
- Clone the repository into an easily accessible folder
- Enable Developer Mode in Google Chrome
- Head into the extension settings menu in Google Chrome (Shortcut: Alt+F > L > E)
- Press "Load Unpacked" in the top left
- Select the folder where you cloned the repository
- Press F12 and navigate to the "Google Meet Breakouts" tab for usage instructions (or see Images)
- Fork it (https://github.com/mzakocs/GoogleMeetBreakoutSecurity)
- Create your feature branch (
git checkout -b feature/fooBar
) - Commit your changes (
git commit -am 'Add some fooBar'
) - Push to the branch (
git push origin feature/fooBar
) - Create a new Pull Request