Currently, Google restricts certain attachments from being sent over Gmail to protect users from potential viruses. Other file extensions that are prohibited include .exe, .jse, .ade and .adp.
Recently, .js files have been used to carry out malicious cyberattacks. Last year, a vulnerability in Yahoo Mail gave hackers the opportunity to embed malicious .js code in emails. Once a user opened his or her email, the code would start working and allow the hacker to hijack the user’s account. In April of last year, Microsoft also noticed that many spam campaigns were using .js attachments.Â
Users who still want to share .js files within Google’s ecosystem will still be able to do so via other means, such as Google Drive and Google Cloud Storage.