Ben Hayak has shared details on a recent Same Origin Method Execution vulnerability in Google Plus, which allowed him to download a user’s private photos and videos that they’ve uploaded to Google Plus.
His full POC is on his blog, but there’s a video below.