Yet another Gmail vulnerability squished by Google
Posted by multippt
Google has patched a vulnerability, caused by a CSRF (cross-site request forgery) flaw, within hours of it being reported. The bug would allow a malicious JavaScript (!) script on a site to display a visitor's Gmail contacts if the visitor was still logged into their account. It is a little worrying that this bug has existed since day 1, and even more worrying if you had confidential information in your contact list.
Google sure deserves credit for patching this vulnerability quickly on New Year’s Day.
Posted on 1 January



