Google patches serious Buzz exploit

Only a week after the release of Google Buzz, hackers have already found an exploit that allows someone to compromise a user's Google Buzz account, according to ha.ckers.org. The flaw lay in the Google Buzz code itself, on the mobile (m.google.com) server.

Google acted quickly to patch the flaw, deploying a fix within a few hours on Tuesday night. Google later sent an email on Wednesday morning explaining the situation. The flaw was a cross-site scripting error, a class of bug common in web applications such as Google Buzz, in which an attacker can inject client-side scripts into web pages viewed by others.

Google issued a statement that there was "no indication that the vulnerability was actively abused." It is certainly very promising for Google Buzz users that the exploit is already patched and no sensitive data was stolen or compromised.

[Image: google-buzz-xss, courtesy of ha.ckers.org]

This isn’t the first time since the launch last week that Google has made changes. Google also addressed a privacy issue after users raised concerns about their contacts being leaked onto the Internet through their Buzz posts.

Users wishing to fully disable their Google Buzz account can do so by following this guide.


16 Comments


It's only a matter of time before Google gets sued over privacy rights. I don't understand why Google is so obsessed with recording everything everyone does, and saving it. You can bet that "Buzz" is only intended for their data harvesting. I'm almost tempted to switch to live.com/hotmail for my email because I'm so sick of it.

TC17 said,
It's only a matter of time before Google gets sued over privacy rights. I don't understand why Google is so obsessed with recording everything everyone does, and saving it. You can bet that "Buzz" is only intended for their data harvesting. I'm almost tempted to switch to live.com/hotmail for my email because I'm so sick of it.
The same can probably be said for every other free service out there, internet businesses aren't around to make friends, Google is no exception.

Another bug fixed. And in such a fast manner. Google is handling this better than I expected and faster than other companies. I don't see why people bash on Google for this, there are always flaws/privacy concerns with every social networking site now, at least Google is this fast to fix them.

Decaytion said,
Another bug fixed. And in such a fast manner. Google is handling this better than I expected and faster than other companies. I don't see why people bash on Google for this, there are always flaws/privacy concerns with every social networking site now, at least Google is this fast to fix them.

Ditto. No software is 100% bug/flaw/exploit free. At least Google handled the issue in a timely fashion.

I just disabled Buzz myself. It seems useless for me and all it does is open the door for more ways to exploit flaws.

ThaCrip said,
I just disabled Buzz myself. It seems useless for me and all it does is open the door for more ways to exploit flaws.
Whilst I couldn't care less for Buzz or any other social networking tool for that matter, this is just paranoid talk.

Northgrove said,
Wow, a few hours? That was quick!

Google have been improving and fixing Buzz quite rapidly, I'm surprised.

Kristan K said,
Google have been improving and fixing Buzz quite rapidly, I'm surprised.

Except for the issue of not being able to comment on posts from Google Reader >.>

Kristan K said,

Google have been improving and fixing Buzz quite rapidly, I'm surprised.

These are the things they were supposed to be fixing during internal testing...