Google Apps Script vulnerability could have opened the door for malware

No user interaction required - and the exploit could've been used to distribute any form of malware.