Google fixes flaw before publicised

Vulnerability quickly dealt with, says security vendor

Google has fixed a security vulnerability on its search-engine website within days of being notified by security vendor Finjan Software, Finjan says.

Finjan's Malicious Code Research Centre notified Google of a cross-site scripting vulnerability in September, according to Finjan. Google fixed the problem within "a few days," says a Finjan spokeswoman.

The vulnerability could have allowed a remote attack to take over Google accounts or to fake Google's content and deceive computer users into going to a bogus site and giving up personal information, Limor Elbaz, Finjan's vice president of business development and strategy, says.

Two sub-sites contained forms that did not validate and filter input. Because of the lack of data validation and filtering, the vulnerability could have allowed an attacker to inject content and scripts and steal Google users' cookies. When users were logged on, an attacker could then gain access to Google services such as account information, saved searches, Google alerts and the user's Google Groups identity, Finjan says.

A Google spokesman wasn't immediately available for comment.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Googleflaw

More about FinjanGoogle

Show Comments