Google fixes Gmail security flaw


Google fixes Gmail security flaw

Antony Savvas

Google has fixed a flaw in its Gmail web e-mail service that could have allowed remote attackers to compromise users’ e-mail accounts. The flaw came to light when a web blogger called “Anthony” highlighted the problem.

The flaw allowed JavaScript code to be run when a user viewed a particular message in Gmail, potentially allowing malicious code to be used by an attacker to compromise a Gmail account.

The blogger is reportedly a 14-year-old schoolboy. He discovered the flaw after sending rogue code from his Yahoo web mail account to his Gmail account. His blog is hosted by the Google Blogger service.

Google said it fixed the flaw shortly after the blogger’s initial blog on the problem was posted. Google was not alerted to the flaw directly by the blogger and had to rely on the monitoring of its own blogging service.

It is not thought that the vulnerability was exploited by any remote attackers.


Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy