
Google Plugs Account Hijack Holes

Slimy on 17 January 2007 - 00:33 · 2 comments & 1688 views

Had Google left the cross-site scripting (XSS) vulnerability unpatched, hackers could have modified third-party Google documents and spreadsheets and gained access to e-mail subjects and search history.

According to Philipp Lenssen, the author of Google Blogoscoped, the first Google Custom Domains vulnerability allowed Tony Ruscoe (another Google expert) to create a page that was hosted on a Google.com domain. Ruscoe proved that he could have used code to steal a user's Google cookie and access their Google services. The second vulnerability, reported by Lenssen, would also have enabled a hacker to use JavaScript code to pass cookie data to an external source.

Google hit two birds with one stone, according to a representative: "Google was alerted to these issues, and we worked quickly to fix the problems, which have been resolved. We have not received any reports of user data being compromised."

News source: News.com

Comments
#1 sourc3 on 17 Jan 2007 - 00:53
Being a Microsoft Certified software architect, I am glad that it's proven now that whatever platform you use, it's the code that matters. And regardless of however many PhDs your team has, you're still susceptible; nothing is bulletproof in software and nothing ever will be.

However, unlike some other companies and web sites, Google openly admits and patches the flaws quickly. I wish MS was as responsive at times.
#2 RhythmFlirt on 17 Jan 2007 - 02:51
I am glad that Google fixes its security holes quickly and does admit to the public that there was a security hole or whatsoever.

Good baby, Google!
