I'd like to share some of my Google bugs.
- Google Website Translator CSRF (Add Editor)
Allowed me to become an Editor on someone's Google Website Translator Service.
The page had CSRF Protection, but the CSRF token check was skipped on server side.
- Google Tasks (Part of Gmail) Clickjacking
Found a clickjacking issue in Google Tasks (Gmail), I was able to add arbitrary tasks in users' task list. The affected page was missing