Image injection /br/games/info may lead to phishing attacks or FB OAuth theft.
Medium
Rockstar Games
Team Summary
Official summary from Rockstar Games
In this report, the researcher identified an attack chain that could result in an attacker stealing sensitive user tokens (such as OAuth tokens) via full URL inclusion in the Referer header. One step of this attack involved an image injection exploit on localized versions of the games/info section of the website, e.g. `https://www.rockstargames.com/br/#/games/info`. We have updated the page so that the image injection vulnerability is closed, thus preventing this attack path.
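The summary attributes the token exposure to full URL inclusion in the Referer header. The following added example (not part of the report or of Rockstar Games' code) models which Referrer-Policy values let a cross-origin image request receive the full page URL. The URLs, parameter names and function names are constructed for illustration.

```javascript
// Added example: the Referer value a browser sends for a subresource request
// (such as an <img>) under each Referrer-Policy value, following the W3C
// Referrer Policy algorithm. "Downgrade" is approximated as https -> non-https.
function refererFor(pageUrl, resourceUrl, policy) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl);
  // Credentials and the fragment are always stripped before sending.
  page.username = "";
  page.password = "";
  page.hash = "";
  const full = page.href;
  const originOnly = page.origin + "/";
  const sameOrigin = page.origin === res.origin;
  const downgrade = page.protocol === "https:" && res.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error("unknown policy: " + policy);
  }
}

// True when a sensitive query parameter would reach the image host.
// The parameter names are assumptions; adjust them to the flow being reviewed.
function leaksToken(pageUrl, resourceUrl, policy, params = ["code", "access_token"]) {
  const ref = refererFor(pageUrl, resourceUrl, policy);
  if (ref === null) return false;
  const query = new URL(ref).searchParams;
  return params.some((p) => query.has(p));
}

// Constructed sample values, not taken from the report.
const PAGE = "https://site.example/callback?code=CONSTRUCTED_TOKEN#/games/info";
const IMG = "https://img-host.example/pixel.png";
const POLICIES = ["no-referrer", "unsafe-url", "origin", "same-origin",
  "strict-origin", "no-referrer-when-downgrade", "origin-when-cross-origin",
  "strict-origin-when-cross-origin"];

// Maps each policy to whether the constructed page would leak its token.
function audit() {
  return Object.fromEntries(POLICIES.map((p) => [p, leaksToken(PAGE, IMG, p)]));
}
```

Only `unsafe-url` and `no-referrer-when-downgrade` hand the query string to the cross-origin host here; a value carried solely in the fragment is never sent in the Referer header under any policy.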
Reported by
netfuzzer
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted: None
Weakness: Information Disclosure