To report a security issue, please use http://g.co/vulnz. We use http://g.co/vulnz for our intake and coordination, and disclose vulnerabilities using GitHub Security Advisory. The Google Security Team will respond within 5 working days of your report on g.co/vulnz.