We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
79,812 News Articles

Google plugs security holes in website

Users exposed to phishing attacks

Google has patched security flaws in its website that would have exposed users to phishing and other attacks designed to steal account information, according to security researchers.

Researchers at risk management software company Watchfire posted an advisory this week about the flaws, which are called XSS, or cross-site scripting, vulnerabilities. These types of vulnerabilities leave a site open to various attacks, such as account hijacking, changing of user settings, cookie theft/poisoning or false advertising.

The advisory for the flaws can be found here.

The possibility for attacks at www.google.com was present when users encountered two different error pages, the "404 not found" error message and a website redirection error message.

Google did not properly secure these pages, which exposed users to possible attack by exploiting the 7bit Unicode Transformation Format character-encoding mechanism, according to Watchfire.

The company corrected the flaws by using character-encoding enforcement, according to Watchfire.

Google was not immediately available for comment.


IDG UK Sites

The 30 best TV shows on Netflix UK: Our pick of the best programmes you can watch right now

IDG UK Sites

Nostalgia time: Top 10 best selling mobile phones in history

IDG UK Sites

VFX Emmy: Game of Thrones work garners gong for Rodeo FX

IDG UK Sites

Apple 13-inch MacBook Pro with Retina review (2.6GHz, 128GB, mid-2014)