Critical Google Drive Flaw Exposes All Your Files on Shared Computers

Millions of individuals and organizations entrust Google Drive with the storage of contracts, reports, photographs, and work documents, relying on the Windows desktop client to synchronize files between local folders and the cloud. Yet it is precisely this application that has proven vulnerable: researchers have uncovered a critical flaw allowing any user on a shared computer to gain full access to another person’s Google Drive account without reauthentication.

Investigators discovered that the program stores copies of synchronized data within a hidden DriveFS folder inside the Windows user profile. This directory is intended to be accessible only to the account owner. However, the application fails to validate access rights when connecting to the cache. By simply copying the contents of another user’s DriveFS folder into their own profile, an attacker can cause the client to load the victim’s data as if it were their own. Upon launch, Google Drive Desktop treats the transplanted cache as legitimate, bypassing authentication checks and exposing personal and corporate files.

Practical tests showed that on Windows 10 and 11, using client version 112.0.3.0, the procedure is strikingly simple: the attacker logs into Google Drive with their own account, closes the application, copies the victim’s DriveFS directory (C:/Users/[victim]/AppData/Local/Google/DriveFS/[ID]) into their own profile (C:/Users/[attacker]/AppData/Local/Google/DriveFS/[ID]), and restarts the program. The result is unrestricted access to the victim’s primary drive as well as all shared drives—without requiring a password and without triggering any alerts. Source code, financial records, personal photographs, and sensitive corporate documents are all laid bare.

This mechanism undermines the fundamental principles of Zero Trust, which mandate identity verification at every access attempt, while also weakening encryption safeguards. Files within the cache are stored in plain text and can be exploited by anyone with system access. Such practices directly contravene standards and regulations including NIST, ISO 27001, GDPR, and HIPAA, all of which require strict isolation and regular credential validation.

Until a patch is released, organizations are advised to avoid using Google Drive Desktop on multi-user machines. Interim measures include clearing caches upon account changes, employing strictly segregated Windows profiles with rigid access controls, and restricting the client’s execution to trusted devices only. To resolve the issue fully, Google must introduce per-user cache encryption, enforce mandatory reauthentication when connecting folders, and apply strict filesystem permissions.

Given that a substantial proportion of data breaches originate from insider threats, reliance on an unprotected cache represents a direct and immediate danger. Until Google closes this gap, both users and IT departments remain exposed to the risk of unauthorized access to their most critical information.

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy