Google Drive may not be as safe as you expect it to be. The Google service reportedly has a security vulnerability that could allow hackers to send malicious files that appear to look authentic. Google has been notified of the security issue but it hasnt been patched yet.

This was discovered by A. Nikoci, a system administrator who revealed the Google Drive security flaw to The Hacker News. The issue lies in Google DrivesManage Versions feature that lets users upload new versions of different files. It essentially lets users restorean earlier version of a file that wasnt created in Docs, Sheets, or Slides.

According to Nikoci, the flaw in this feature allows users toupload a new version with any file extension for any existing file on the cloud storage, even with a malicious executable. The process is pretty simple as demoed by Nikoci in three videos. It starts with sharing a normal file via Google Drive. Users can then upload a new version of that file through Manage Version. Here, Nikoci easily uploads an infected version of that file. In doing so, Google doesnt detect or identify if its the same file type or not. Anyone having access to that link can download the infected file.

This security flaw comes at a time when people are using services like Google Drive the most. While its cloud storage has been in use, more people are using it now to share files online due to remote work. This kind of malware can lead to spear phishing attacks that aim to compromise a users system. Google had recently fixed a major security flaw in Gmail that was actually detected four months back. The fix came within seven hours after it was made publicly available. It was also shortly after Googles services suffered a global outage.