It has been a rough week for the Google Buzz team.
The fiasco over Buzz's privacy settings is starting to die down now that Google has made several changes, but security experts Tuesday discovered that the Buzz for Mobile service contained a flaw that could allow hackers to run their own code on Google Buzz accounts.
Google has already patched the flaw, which was reported by SecTheory. It was a cross-site scripting vulnerability, which could have allowed an attacker to hijack a Buzz account or run a phishing scam.
Google released a statement regarding the flaw. "We fixed a vulnerability that could have affected users of Google Buzz for mobile on February 16th, hours after it was reported to us. We have no indication that the vulnerability was actively abused. We understand the importance of our users' security, and we are committed to further improving the security of Google Buzz."