OK but the same vulnerability exists if short URLs weren't used -- in that case the link source would link directly to the now-hijacked domain. So why does Google have to care about this?
Is it because they're worried that the domain name goo.gl in the link implies a Google endorsement? Seems like they should have thought of that before launching the service in the first place?
Still, the frequency of actual abuse must be low and going down over time (due to the data set being read-only since 2019 and actual traffic to these links surely decreasing as time goes on)...
