Google patches critical hole

By Derek Sooman on October 11, 2005, 2:20 PM
Google has successfully patched a security hole on its main search-engine website, closing the chances of a a cross-site scripting attack. The vulnerability, which was found by security company Finjan in September, could have allowed a remote attack to take over Google accounts. It could also have been used to deceive computer users into going to a bogus site and giving up personal information.

Two Google.com sub-sites contained forms that did not validate and filter input. Because of the lack of data validation and filtering, the vulnerability could have allowed an attacker to inject content and scripts and steal Google.com users' cookies. When users were logged on, an attacker could then gain access to Google services such as account information, saved searches, Google alerts and the user's Google Groups identity, Finjan said.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.