Adding a malicious notebook to be treated like a trusted notebook in Google Colab — 1337$


When we try to execute any Google Colab notebook from GitHub repo like

Google collab doesn't allow us to run any third party GitHub notebook directly, instead, it gives a warning.

The allows notebooks from google trusted repository like “” to run without any warning. Eg.

Also, When we execute a notebook from the drive, whenever there is a critical functionality like accessing the camera, voice, etc then google colab add a warning prompt, once accepted then only notebook can access the same after execution. Hence, there is the relevance of warning prompt here as it is a parameter to disable and enable some attributes.


The bypass is to execute the notebook from any Github repository without any warning. So, by clicking open in the colab, the notebook got executed without prompt.

1. Create a new file in the public repository and generate a pull request.

2. Open the public notebook below

and execute the code, no warning will be prompted for the user as the repository(googlecolab) is trusted instead the code is malicious


Attack scenario:
1. Presenting a malicious notebook to the victim (as a trusted google notebook) with no warning message.
2. The code I have used in POC can capture victims' media like cameras, voices, etc if previously saved in the browser.

Reported on 2 Jan 2020
Fixed on 16 Jan 2020
Bounty Awarded on 17 Jan 2020

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store