We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

First Google Buzz flaw patched

No indication flaw was exploited

Google has fixed a web flaw that gave hackers a way to take control of Google Buzz accounts.

The flaw was patched just hours after being disclosed on a web-hacking blog run by Robert Hansen, CEO of SecTheory.

The bug lay in the m.google.com domain used by Google Buzz for mobile, and could have been exploited by hackers to manipulate other people's Google Buzz accounts.

This type of flaw, known as a cross-site scripting error, is common, but it can have nasty consequences on widely used sites such as Google.

In addition to taking control of Buzz accounts, scammers could have leveraged the flaw to create hard-to-detect phishing pages that used the Google.com web domain.

Google spokesman Jay Nancarrow said that the company has "no indication that the vulnerability was actively abused".

Launched just last week, Google Buzz has had a rough rollout.

Over the weekend, Google was forced to make changes to the service after users complained that it exposed potentially private information by automatically publishing lists of users' closest Gmail contacts.

See also: Google Buzz attracting spammers already


IDG UK Sites

5 reasons not to wait for the Apple Watch: Why you shouldn't buy the iWatch

IDG UK Sites

Why local multiplayer gaming is rapidly vanishing: we look at the demise of split-screen and LAN...

IDG UK Sites

How Emotional Debt is damaging digital design

IDG UK Sites

How to update your iPhone or iPad to iOS 8: including how to install iOS 8 if you don't have room