Google announced yesterday (July 5) that it has fixed a security vulnerability in the Google Reader application.
According to the application developers, the security flaw could be exploited by hackers to steal sensitive user information.
On July 4, a post on the Ha.ckers.org blog reported that Google Reader – Google’s RSS feed reader – was affected by a cross-site scripting (XSS) vulnerability. An attack exploiting this flaw could be carried out by embedding scripts in the HTML of a blog post or in an input field on any website.
“What is the danger of this security flaw to Google?” the Ha.ckers.org post asked. “Firstly, hackers could use it for online phishing attacks. For example, they could set up a website titled ‘Sign up for Google World Beta’. From there, they could steal users’ cookies, phone numbers, and more…”
By the end of the day yesterday, Google had released a statement saying: “We have investigated and confirmed that this is a minor security issue that is not serious. We have resolved this security flaw. We hope that those who discover security vulnerabilities will adhere to proper security disclosure practices, and most importantly, notify the product developers before publicly announcing the vulnerability.”
Hoàng Dũng