Google Blogoscoped

Thursday, July 6, 2006

Google Fixes XSS Security Problem

Google fixed an HTML injection/cross-site scripting vulnerability that was published by Ha.ckers.org on July 4th. XSS holes can be abused for phishing, cookie stealing, creation of worms and more. Earlier today, the bug was still live and reproducible on Google.com (this link caused a JavaScript alert reading “XSS”, a proof of concept for an HTML injection).

While XSS vulnerabilities are rarely discovered on Google, they are quite common among other websites. With a site the scale of Google.com, however, the problem is potentially more serious.

[Thanks Pd and Adam.]
