X
Business
Home Business Companies Google

Wow, more Google XSS problems

In what seems to be an exploit searching frenzy, Haochi uncovered another XSS vulnerability that easily and without the victims consent can steal cookies and hijack your Google account.  Like the last two found (within in the last 16 days), the bad guy only has to host a website and get someone to visit.
Written by Garett Rogers, Inactive

In what seems to be an exploit searching frenzy, Haochi uncovered another XSS vulnerability that easily and without the victims consent can steal cookies and hijack your Google account.  Like the last two found (within in the last 16 days), the bad guy only has to host a website and get someone to visit.

I will not give you details as to how the exploit works until it has been fixed -- but I can tell you that it is extremely easy for anyone who knows HTML to exploit.

I highly recommend making sure you are completely logged out of your Google account while browsing the internet until we have an official statement from Google stating their security team has thoroughly reviewed every Google property for these types of vulnerabilities.  If Google needs help, I'm sure Haochi and Tony would be up for the challenge! 

Editorial standards
Show Comments

Related

mouse

How much tech can I get from Temu for $100 (and is it any good)?

Placeholder product image alt text

The best AI image generators to try right now

Apple MacBook Air M2

The best MacBook accessories you can buy: Expert tested