Flaw Exploits Google Users

January 3, 2007: Google has fixed a glitch in its Gmail that allowed malicious websites to obtain a user’s entire contact list.

The flaw had the potential to make unsuspected users a convenient source for spammers looking to increase their pools of legitimate addresses. Through Gmail, the web-based email service, user contacts are stored via a JavaScript file on their personal hard drive.

For the 30 hours it took for Google to fix the flaw after being notified, contacts stored on the hard drives were left vulnerable to malicious websites. In theory, a user would have to log into a Gmail account and then go on to visit a specific website that incorporates JavaScript code and is actually designed to exploit the Gmail information.

As yet, no users have reportedly been affected by the vulnerability.

Comment on this story.