Exploit in Google Docs allows anyone to un-crop images

Runch

Runch

Crunch
True & Honest Fan
kiwifarms.net
Joined
Jul 12, 2021
theintercept.com

Whistleblowers Take Note: Don’t Trust Cropping Tools

Cropping tools like those in Google Docs allow viewers to see the full, original images.
theintercept.com theintercept.com


If the document creator used the built-in cropping functionality within Google Docs, turns out it's actually very easy to un-crop any image you have access to, even if it was only shared with you as a viewer.

Simply copy the image and paste it into a new Google document, then right click it and choose "reset image." You'll be able to see the full original image. I just tested this myself and it works.

You can even just download a zipped .html web page version of the document, which will also contain the original image, which might be more useful for fast archival of many documents to examine later.

This is very niche functionality...I don't know about others, but I always prepare an image completely in an editor before adding it to a document. But think about how many thousands of Google documents have been shared out there. Accusations, evidence, compilations of data...there are bound to be some with worthwhile information hidden in the margins. Who knows how long before Google patches this...
 
  • Informative
Reactions: Baguette Child, Rozzy, 1-800-GAMBLER and 7 others
DumbDude43 said:
anyone with a brain manually crops pics in mspaint anyway
Click to expand...
People at work once saw me going through the take 'screenshot, open MS Paint, paste, crop, save' process. They suggested I instead use the Snipping Tool function.

TO HELL WITH YOU AND YOUR SNIPPING TOOL, THIS IS THE WAY I'VE DONE IT SINCE I WAS LIKE 10, I'M NOT GOING TO SWITCH IT NOW. YOU'RE WRONG AND I'M RIGHT, FOOLS.
 
  • Winner
  • Like
  • Feels
Reactions: Matt Damon, m1ddl3m4rch, NoSpiceLife and 17 others
Schwarzwald said:
People at work once saw me going through the take 'screenshot, open MS Paint, paste, crop, save' process. They suggested I instead use the Snipping Tool function.

TO HELL WITH YOU AND YOUR SNIPPING TOOL, THIS IS THE WAY I'VE DONE IT SINCE I WAS LIKE 10, I'M NOT GOING TO SWITCH IT NOW. YOU'RE WRONG AND I'M RIGHT, FOOLS.
Click to expand...

1676396481300.png
 
  • Dumb
  • Autistic
  • Like
Reactions: Matt Damon, Inafune Fanfiction, Tims and 4 others
Hugger Brother said:
View attachment 4530130
Click to expand...
apps.38787.13721543416381481.d9b69167-7f69-464c-99cd-f3efc066877d.jpg

Cropped(mark area with the mouse, ctrl-y), resized(ctrl-r) and saved to a 4KB JPG from a 284KB 1240x1240 PNG in less than 10 seconds and that includes the time it takes to start the program. There's no need to scroll down the list to choose one of many the many formats it exports to, just add .jpg or whatever to the filename and the program understands what you're up to. IrfanView is truly wonderful.
 
  • Agree
  • Informative
  • Like
Reactions: Wright, Inafune Fanfiction, Smith Banquod and 1 other person
reptile baht spaniard rid said:
This kind of thing is true of many document formats - word and powerpoint also let you "crop" an image but it doesn't actually crop it, just adjust the viewable window.

And sometimes the original image even escapes into PDF when saved lol.
Click to expand...
EXIF thumbnails. It's not a concern anymore since every site scrubs EXIF data, but way back there was a british celebrity that accidentally posted her nudes by not knowing what was embedded. The images were cropped to be headshots or something like that but the JPGs included the uncropped 640x480 thumbnails. A bunch of early e-girls used to make the same mistake when they were thirst trapping on forums.
 
  • Informative
Reactions: reptile baht spaniard rid
Smaug's Smokey Hole 2 said:
EXIF thumbnails. It's not a concern anymore since every site scrubs EXIF data, but way back there was a british celebrity that accidentally posted her nudes by not knowing what was embedded. The images were cropped to be headshots or something like that but the JPGs included the uncropped 640x480 thumbnails. A bunch of early e-girls used to make the same mistake when they were thirst trapping on forums.
Click to expand...
I wonder what you could find if you scraped all internet content and ran a search for "EXIF thumbnail ≠ current image" on old data.

Probably some bad stuff, tbh.
 
  • Thunk-Provoking
Reactions: Smaug's Smokey Hole 2
reptile baht spaniard rid said:
I wonder what you could find if you scraped all internet content and ran a search for "EXIF thumbnail ≠ current image" on old data.

Probably some bad stuff, tbh.
Click to expand...
Probably a lot of gross anatomy and filthy living conditions. Not all forum software scrubs everything including KF. Maybe that's changed but some KF members accidentally doxed themselves via embedded GPS coordinates.
 
  • Informative
Reactions: reptile baht spaniard rid
vomitusdeux said:
Why would you crop your pic after you put it in google docs lol? the only editing that should be done in the final document is size editing.
Click to expand...
Because you want to align things in situ or need to be able to reframe figures as other content is added or the format is finalised, or split a single artefact into multiple pages or columns (doubly so if they need to float as new content comes in), or you have pure layout elements and wanna use a kind of master tilemap instead of separate files for every fucking border line or whatever, or it's a collaborative document where someone else might want to do any of these things.
It's a standard workflow in publishing software (I'm talking about shit like InDesign, not so much word processors), but they'll always bake the output so it's a non-issue outside of this typical google jank.

Pretty sure I knew about this exploit ages ago and have used it to recover originals from old projects a bunch of times, lol
 
You must log in or register to reply here.
Back