Google Blogoscoped

Thursday, July 6, 2006

Google Fixes XSS Security Problem

Google fixed an HTML injection/cross-site scripting vulnerability that was published by on July 4th. XSS holes can be abused for phishing, cookie stealing, creation of worms and more. Earlier today, the bug was still live and reproducible on (this link caused a JavaScript alert reading “XSS”, a proof of concept for an HTML injection).

While XSS vulnerabilities are rarely discovered on Google, they are quite common among other websites. With a site the scale of however the problem is potentially more serious.

[Thanks Pd and Adam.]

