Google Does Nothing About Known Vulnerability

There comes a time when "the big guy" gets too big and doesn't care about the needs of the individual consumers and Google could be getting close. They have been notified of a vulnerability where a page could be created that submits the Google Login information to a third party. This is actually pretty easy to do and would be a way to hijack someone's credentials quite easily. It is fixable, and Google has been notified, but they haven't done anything about it for a while now. Google's response:

Thanks for your bug report and research to keep our users secure! We've investigated your submission and made the decision not to track it as a security bug. 
 
This report will unfortunately not be accepted for our VRP. Only first reports of technical security vulnerabilities that substantially affect the confidentiality or integrity of our users' data are in scope, and we feel the issue you mentioned does not meet that bar :(
 
Bummer, we know. Nevertheless, we're looking forward to your next report! To maximize the chances of it being accepted, check out Bughunter University and learn some secrets of Google VRP.


Source: AidanWoods