Google Blogoscoped


Google Docs Cookie Hijacking

Ionut Alex. Chitu [PersonRank 10]

Tuesday, May 12, 2009
15 years ago2,686 views

"This attack can be used to hijack Gmail/ Google doc cookies efficiently if certain conditions are met. The Google
docs are an integrated service provided by Google for online viewing the document. A user logged in to Gmail will
have the same cookie used for if any document. The interdependency can be exploited through this attack vector."

The issues were solved by Google in 5 days.

Juha-Matti Laurio [PersonRank 10]

15 years ago #

It is nice to notice that this cookie issue and this recent issue

were reported to Google in responsible way.

/pd [PersonRank 10]

15 years ago #

Juha, but that has been fixed too.. Google Security Team propgated the fix on 05/07..!

Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!