Python XSS flaw left Google open to attackers
A security researcher reveals how a scripting flaw left many Google services open to an attacker.
This means that an attacker would have a user's Google.com domain cookie, which is the single sign-on cookie for all Google services.
However, rather than publish the vulnerability, Inferno reported it straight to Google, which responded within the hour and fixed the flaw after a little more than two weeks.
Inferno said on the blog: "I believe in responsible disclosure, so I waited for this vulnerability to be fixed completely."
Inferno said that the time Google took to fix the flaw was due to the vulnerable Python script being used in lots of places.
A Google spokesperson said: "We immediately investigated this issue after it was privately reported to us, and we resolved it prior to publication. We take the security of our users very seriously."