Users login

Create an account »


Users login

Home » Hacking News » Google patches a critical hole

Google patches a critical hole

by Nikola Strahija on October 13th, 2005 Google has patched a security hole on its main search-engine website.

The search engine was notified of a cross-site scripting vulnerability in September, according to the security company that discovered it, Finjan. Google fixed the problem "within a few days", said a Finjan spokeswoman.

Two sub-sites contained forms that did not validate and filter input. Because of the lack of data validation and filtering, the vulnerability could have allowed an attacker to inject content and scripts and steal users' cookies. When users were logged on, an attacker could then gain access to Google services such as account information, saved searches, Google alerts and the user's Google Groups identity, Finjan said.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »