Google has fixed a flaw that would have allowed Web sites to harvest e-mail addresses from Gmail contact lists.
For an attack to work, a user would have to log into a Gmail account and then visit a Web site that incorporates specially designed JavaScript code. This could have allowed spammers to collect reams of new e-mail addresses.
Proof-of-concept code was publicly posted, and Google appears to have fixed the problem within 30 hours of being notified, wrote Haochi Chen, a blogger who tracks the company. A Google spokeswoman in London confirmed today that the problem was fixed.
Thanks to Jeremy Kirk of the IDG News Service London bureau for the report.
No comments:
Post a Comment