Cybersecurity researchers have detailed a « severe design flaw » in Google Workspace’s domain-wide delegation (DWD) feature that could be exploited by threat actors to facilitate privilege escalation and obtain unauthorized access to Workspace APIs without super admin privileges.
« Such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other
