/>
X
Innovation

Gmail flaw fixed?

It is still uncertain how serious a javascript flaw in Gmail is, and whether it has been fixed completely. The flaw allows spammers to harvest contact details from a user's account by launching a cross-site scripting attack.
tom-espiner.jpg
Written by Tom Espiner, Contributor on

It is still uncertain how serious a javascript flaw in Gmail is, and whether it has been fixed completely. The flaw allows spammers to harvest contact details from a user's account by launching a cross-site scripting attack.

To exploit the flaw, the hacker adds a piece of code to their website server, which in turn gives them access to the Gmail contacts of passing browsers, if users are signed in to their Gmail account.

There is some speculation about how serious a flaw this is, and whether there has been a complete fix. According to ZDNet blogger Garrett Rogers Google has partially sorted out the problem.

"The problem is only partially fixed. The vulnerability exposed through video.google.com has been patched up, but there are other subdomains where the problem still exists," said Rogers in his blog.

Google was unavailable for comment at the time of writing.

Editorial standards

Related

Slow internet at home? This adapter is the key to faster wired connectivity
replace-this-image.jpg

Slow internet at home? This adapter is the key to faster wired connectivity

Meta's AI guru LeCun: Most of today's AI approaches will never lead to true intelligence
yann-lecun-crop-for-twitter-sept-2022

Meta's AI guru LeCun: Most of today's AI approaches will never lead to true intelligence

There's no joy in Windows laptops, claims MacBook-loving Google employee
windows 11 screen laptop

There's no joy in Windows laptops, claims MacBook-loving Google employee