For once, it's Google in the spotlight for having security deficiencies. Security flaws have been uncovered in some of the company's Web-based products, in particular in the Froogle comparison-shopping service.

According to Israeli security researcher Nir Goldshlager, a malicious hacker could exploit the hole by embedding JavaScript in a URL pointing to Froogle. Once the link is clicked, the JavaScript triggers a browser redirect to a malicious Web site where the target's Google cookie is stolen.

Google has replied that the vulnerability has since been fixed. However, Goldshlager, who provided proof-of-concept exploits of the cross-site scripting scenarios to Google, warned that information from stolen cookies can be used even if the password is changed.

"The system authenticates the hacker as the victim, using the stolen cookie file. Thus no password is involved in the authentication process. The victim can change his password as many times as he wants, and it still won't stop the hacker from using his box," Goldshlager said.
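The behaviour described above, where a copied session cookie keeps working after a password change, shown beside the server-side fix of revoking sessions on that change. This is an added example, not code from the article or from Google; `SessionStore`, its methods and the per-user `epoch` counter are hypothetical names.

```javascript
const { randomBytes } = require("node:crypto");

// Hypothetical in-memory session store (illustrative only, not Google's design).
class SessionStore {
  constructor({ revokeOnPasswordChange }) {
    this.revokeOnPasswordChange = revokeOnPasswordChange;
    this.users = new Map();    // user -> { password, epoch }
    this.sessions = new Map(); // cookie value -> { user, epoch }
  }
  register(user, password) {
    // Plaintext only to keep the sketch short; real systems store a salted hash.
    this.users.set(user, { password, epoch: 0 });
  }
  // The password is checked only here; afterwards the cookie alone authenticates.
  login(user, password) {
    const rec = this.users.get(user);
    if (!rec || rec.password !== password) return null;
    const token = randomBytes(32).toString("hex");
    this.sessions.set(token, { user, epoch: rec.epoch });
    return token;
  }
  changePassword(user, newPassword) {
    const rec = this.users.get(user);
    rec.password = newPassword;
    // Hardened mode: bumping the epoch invalidates every cookie issued earlier.
    if (this.revokeOnPasswordChange) rec.epoch += 1;
  }
  // Resolve a cookie value to a user, rejecting sessions from an older epoch.
  whoami(token) {
    const s = this.sessions.get(token);
    if (!s) return null;
    if (s.epoch !== this.users.get(s.user).epoch) {
      this.sessions.delete(token);
      return null;
    }
    return s.user;
  }
}

// Constructed scenario: a cookie issued before the password change is replayed after it.
function cookieSurvivesPasswordChange(revokeOnPasswordChange) {
  const store = new SessionStore({ revokeOnPasswordChange });
  store.register("victim", "old-password");
  const cookie = store.login("victim", "old-password"); // value later copied elsewhere
  store.changePassword("victim", "new-password");
  return store.whoami(cookie) === "victim";
}
```

With `revokeOnPasswordChange` off, the old cookie still resolves to the victim's account; with it on, the same cookie is rejected and only a fresh login with the new password yields a valid session.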