A new vulnerability reportedly enables bad guys to silently put a backdoor in Gmail accounts.

From The Register article:
"The technique comes courtesy of Petko D. Petkov, a researcher at GNU Citizen, who writes in a blog post that the backdoor is installed simply by luring a victim to a specially crafted website while logged in to Gmail."

The original report from Petkov (aka 'pdp') is located at
http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
in turn.