Vulnerability in gmail allowing account passwords to be hacked and reset

Security researcher Oren Hifif recently found a vulnerability in gmail allowing hackers to get and reset passwords, this is done using a simple spear-phishing technique (if u dont know already a phishing site is an exact remake of a site in an attempt to take money, passwords etc.). Hackers r doing this by sending emails saying "its been awhile since your password has been changed, please confirm account ownership by clicking this link". It then brings u to a phishing site on google which looks exactly like a google reset password page but its really a remake. And once u type in the password and click reset it says it was successful although truly u have just given ur info to a hacker.