Google plugs Gmail security hole

Google has patched a recently reported Gmail flaw that could allow attackers to steal information from inside a user account.

The vulnerability was discovered by independent security researcher Petko Petkov, who classified it as a cross site request forgery.

The attack is triggered when a user visits a website containing malicious code while logged into Gmail. The code executes a special command to access the Gmail account and sets up a new filter without the user's knowledge. Google plugs Gmail security hole - Security -

Linked by shanmuga Sunday, 7th October 2007 10:50PM