Google has patched security flaws in its new Google Base
content hosting system that allowed attackers to steal sensitive
information from users.
The security problem allowed attackers to steal cookies and
other information from Google Base users, and also enabled them to
embed fraudulent forms within Google Base web pages.
This same cross-site scripting vulnerability has previously
affected Google’s search engine and pages on the Yahoo web
portal.
Google Base was only launched last week as a beta solution and
allows users to classify and share different types of information
across the Google web portal.
The flaws in the new system were discovered and reported by
UK-based security expert Jim Ley.
