CVE-2023-29044

Name of the Vulnerable Software and Affected Versions Google Docs versions prior to the fixed version

Description The issue allows documents operations to be manipulated to contain invalid data types, possibly script code. This could lead to script code injection into an operation that would be executed for users actively collaborating on the same document. The operation data exchanged between collaborating parties is not properly escaped, which could allow code execution. No publicly available exploits are known.

Recommendations For Google Docs versions prior to the fixed version, consider disabling collaborative document editing until a patch is available. As a temporary workaround, restrict access to collaborative document features to minimize the risk of exploitation. Avoid using collaborative document editing features in Google Docs until the issue is resolved.