Google fixes Gmail security flaw

News

Google fixes Gmail security flaw

Antony Savvas

Google has fixed a flaw in its Gmail web e-mail service that could have allowed remote attackers to compromise users’ e-mail accounts. The flaw came to light when a web blogger called “Anthony” highlighted the problem.

The flaw allowed JavaScript code to be run when a user viewed a particular message in Gmail, potentially allowing malicious code to be used by an attacker to compromise a Gmail account.

The blogger is reportedly a 14-year-old schoolboy. He discovered the flaw after sending rogue code from his Yahoo web mail account to his Gmail account. His blog is hosted by the Google Blogger service.

Google said it fixed the flaw shortly after the blogger’s initial blog on the problem was posted. Google was not alerted to the flaw directly by the blogger and had to rely on the monitoring of its own blogging service.

It is not thought that the vulnerability was exploited by any remote attackers.


 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy