First of all I like to said this XSS it's stored on Google "sandbox" and it impossible to grap Cookies.
But its possible to send it to an other user using "Google Art Project Add-ons" at https://plus.google.com/
Hangouts allows users to hold conversations between two or more users. The service can be accessed online through the Gmail or Google+ websites, or through mobile apps available for Android and iOS (which were distributed as a successor to their existing Google Talk apps).
This Persistent XSS can be more significant than other types because an attacker's malicious script is rendered automatically when an modify art project it's share to the Victim using hangouts add-ons.
(like showing under)
(This is an Interactive Chat and can be easy use by anyone)
I first modify the Art Protect I want to inject at http://www.google.com/
Then using Google Art Project Add-ons on "Google Hangouts" I can share it to all users in the chat triggering the XSS.
(Below Google Art Injection Points)
This attack can be use to publish user login cross site scripting attack or other malicious scripts.
I like to thanks Google again for this Reward.