Google fixed an HTML injection/cross-site scripting vulnerability that was published by Ha.ckers.org on July 4th. XSS holes can be abused for phishing, cookie stealing, creation of worms and more. Earlier today, the bug was still live and reproducible on Google.com (this link caused a JavaScript alert reading “XSS”, a proof of concept for an HTML injection).
While XSS vulnerabilities are rarely discovered on Google, they are quite common among other websites. With a site the scale of Google.com, however, the problem is potentially more serious.
[Thanks Pd and Adam.]