Google slams the door on XSS flaw
‘Stop cookie thief!’
Google has patched a cross-site scripting (XSS) vulnerability in one of its web-hosting services.
If left unpatched, the vulnerability could have allowed hackers to modify third-party Google documents and spreadsheets, and view mail subjects and search history, according to the Google Blogoscoped blog.
Philipp Lenssen, the author of Google Blogoscoped – a third-party site that comments on Google developments – said the vulnerability was similar to another vulnerability in Blogger Custom Domains, reported at the weekend.
Read more: silicon.com