tldr; You can view a preview of private Google Docs despite not having access, as long as you have the doc's link.
Longer version:
I received a link to a Google doc on slack recently, but the owner had forgotten to share permissions with me. Though I couldn't view the doc when I clicked it, I did notice that I could view the first page of the doc in the link preview. It was very high res and I could view the text clearly. Isn't this a security vulnerability worth plugging? I reported it to Google, but they responded with:
"Hi! We've decided that the issue you reported is not severe enough for us to track it as a security bug: when someone with access to a doc sends a link over slack, they express their intent to share this document, hence the preview shared independently from the sharing setup on the doc does not represent a significant risk."
I tried responding that many people have Google Drive links exposed even publicly, but they assume that only those with access can view them. But I got the same response pretty much. Am I missing something here, or is this an oversight by Google?
The reason you've been given sounds like something frowned upon in HN: a shallow dismissal.
Even if we accept their reasoning, there is still something wrong: users don't know about the behavior. There is no "warning: sharing a link to someone gives them a high resolution preview of a page of the document, which doesn't require permissions". It's not what you would assume in a document sharing system that has permissions.