Recently security researchers have found a serious vulnerability in google which allows anyone to get access to google's servers.
It was google's tool bar button gallery which holds this XXE vulnerability.This allows its users to customize their toolbar by creating their own buttons.It can be done by uploading a XML file which consists metadata.
Security researchers from Dectify identified that It is clearly exposed to XML EXTERNAL ENTITY vulnerability which allows them to get access to google's internal server contents such as "etc/passwd" and "etc/hosts" files.
Reseachers could have opened the door to any google's internal server files with this critical vulnerability.Also they could have gained access to internal systems using "SSRF Exploitation."
After getting report from researchers,Google has rewarded them with $10,000 for their work,and fixed the vulnerability later.