Unfortunately, it doesnt help because these vulnerabilities dont require the user to do anything except navigate to a website that has a script that will infect your browser by invoking browser services maliciously. . . Or it could be on a users frequently used website and the script comes in on a rotation advertisement from Google. No authorization required.
“Or it could be on a users frequently used website and the script comes in on a rotation advertisement from Google. No authorization required.”
This is a HUGE problem most don’t realize is happening. They blame the site but it’s actually the ad API. The Google ad API is DANGEROUS for both websites and users. And what they serve up might be safe for a couple days and then the ad will be rewritten with malicious code added.
I would NEVER subject my users to any API google services on my sites. If revenue is a must I would do it with partnerships with vendors and build it within my own site rather than ever use an API service from anyone, especially Google.