Unpatched Google Vulnerabilities That Can Aid Cyber Attacks. Whatever Google has denied these vulnerabilities but these links can be use for hacker friendly. Attacker can use these links for Social engineering and phishing attacks.
When i convert this korean website in Google translate i got a pop up .. and but this cross site scripting in google user content sandbox domains. Google denied to give bounty for this
"Thanks for your bug report! The domain in which the feature is hosted is specifically meant as a compartmentalized "sandbox" for various types of potentially unsafe, user-controlled content. This domain is isolated from any sensitive content due to the same-origin policy.
Google Redirect Vulnerability links:
But Google denied URL redirection for Bug Bounty company said,
"URL redirection. We recognize that the address bar is the only reliable security indicator in modern browsers; consequently, we hold that the usability and security benefits of a small number of well-designed and closely monitored redirectors outweigh their true risks."
Some Google Non qualifying Vulnerabilities are:
Legitimate content proxying and framing.
We expect our services to unambiguously label third-party content and to perform a number of abuse-detection checks, but as with redirectors, we think that the value of products such as Google Translate outweighs the risk.
Bugs requiring exceedingly unlikely user interaction.
For example, a cross-site scripting flaw that requires the victim to intentionally type in an XSS payload into a search field in Google Maps may have negligible impact in all practical cases.
Logout cross-site request forgery.
For better or worse, the design of HTTP cookies means that no single website can prevent its users from being logged out; consequently, application-specific ways of achieving this goal will likely not qualify. You may be interested in personal blog posts from Chris Evans and Michal Zalewski for more background.
Flaws affecting the users of out-of-date browsers and plugins.
The security model of the web is being constantly fine-tuned. The panel will typically not reward any problems that affect only the users of outdated or unpatched browsers. In particular, we exclude Internet Explorer prior to version 9.
Presence of banner or version information.
Version information does not, by itself, expose the service to attacks - so we do not consider this to be a bug. However, if you find an outdated version of software and can confirm that it's vulnerable to a particular flaw, please let us know.
Disclaimer: All these links only educational purpose, we are not responsible for any kind of illegal activities of these vulnerability.