July 5, 2006 5:36 PM PDT

Google fixes security flaw in Reader

Google said it fixed a security flaw in Google Reader on Wednesday that could have allowed a hacker to steal sensitive information from Web surfers.

A Google RSS feed addition tool was vulnerable to a cross-site scripting attack, a poster to the Ha.ckers.org blog wrote on Tuesday. Such attacks involve an attacker embedding HTML scripts in Web postings or input fields on a Web site.

"What are the implications of this attack for Google?" the blog posting asked. "Well, for starters, I can put a phishing site on Google. 'Sign up for Google World Beta.' I can steal cookies to log in as the user in question...I can steal your phone number from the /sendtophone application...get your address because maps.google.com is mirrored....The list of potential vulnerabilities goes on and on. The vulnerabilities only grow as Google builds out their portal experience."

Late Wednesday, Google issued a statement that said: "We learned of a minor security flaw in Google Reader earlier today and worked quickly to fix the problem, which has now been resolved. We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public."

See more CNET content tagged:
security flaw, Google Reader, Google Inc., vulnerability, blog


Join the conversation!
Add your comment
Google's flaw
They had a flaw? They must be unreliable if they would allow their millions of users to be at risk like that. Mabye people should stop using it if they are unreliable.
Posted by lovejessii (5 comments )
Reply Link Flag
Is this news?
Google finds a flaw. Google fixes flaw, everyone goes home for tea. Is this really newsworthy? Now if the flaw was used to put the message, "Before of the bunny" on everyone's screen, that would have been a great story!
Posted by thedreaming (573 comments )
Reply Link Flag
Then can it be fix? If not did what can be done?
Posted by Jjesse285 (31 comments )
Reply Link Flag
Thanks, it's a very informative blog.
Posted by ronenmosh (1 comment )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.