Unholy trinity of flaws put Google users at risk
Doomwatchers count the ways
If you use Google to send email, organize photos or help administer your website, doomwatchers have cataloged three new ways to steal your data and compromise the security of your users. All three of the techniques rely on cross site scripting, or XSS, in which hackers inject unauthorized code by making it appear as if it’s hosted by a trusted website.
The most serious vulnerability resided in the so-called polls application, a part of Google Groups. It made it possible to steal contacts and messages from Gmail accounts. A Google spokesman on Monday afternoon said the flaw had been fixed.
Read more: theregister.co.uk