This template is ONLY for reporting security bugs. If you are reporting a
Download Protection Bypass bug, please use the "Security - Download
Protection" template. For all other reports, please use a different
template.

Please READ THIS FAQ before filing a bug: https://chromium.googlesource.com
/chromium/src/+/master/docs/security/faq.md

Please see the following link for instructions on filing security bugs:
https://www.chromium.org/Home/chromium-security/reporting-security-bugs

NOTE: Security bugs are normally made public once a fix has been widely
deployed.

VULNERABILITY DETAILS
Please provide a brief explanation of the security issue.

Hi !
So, when using Google Sheets, if I get an invitation link and see the Sheet, and see that it has collapsed columns (e.g., to hide certain information from viewers), I can copy everything, and paste it on the app "Notes" (MacOs), I can see the information that was hidden.

In my case, I was viewing grades given by a course at my university, UC, and the name of the alumni was hidden, but their ID wasn't, so you could look for your own grade but not everyone elses.

Screenshots for proof.
I know you offer money for this kind of bug reports ( if they are good enough ) but I would prefer an opportunity to meet a Recruiter for a Software Engineering job over 10k. If my bug report is good enough to win the price, you can keep it and give me that :)

Best,
Diego


VERSION
Chrome Version: [x.x.x.x] + [stable, beta, or dev]
Operating System: [Please indicate OS, version, and service pack level]

REPRODUCTION CASE
Please include a demonstration of the security bug, such as an attached
HTML or binary file that reproduces the bug when loaded in Chrome. PLEASE
make the file as small as possible and remove any content not required to
demonstrate the bug.

FOR CRASHES, PLEASE INCLUDE THE FOLLOWING ADDITIONAL INFORMATION
Type of crash: [tab, browser, etc.]
Crash State: [see link above: stack trace *with symbols*, registers,
exception record]
Client ID (if relevant): [see link above]