Google patches serious Buzz exploit

Only a week after the release of Google Buzz, hackers have already found an exploit that allows someone to compromise a user's Google Buzz account, according to ha.ckers.org. The exploit actually lay inside the Google Buzz code, on the mobile (m.google.com) server.

Google acted quickly to patch the flaw, with a fix already deployed in a matter of a few hours on Tuesday night. Google later issued an email on Wednesday morning, explaining the situation. The cross-site scripting error, common in web applications, such as Google Buzz, involved an exploit in which an attacker can inject client-side scripts into webpages viewed by others.

Google issued a statement that there was "no indication that the vulnerability was actively abused." It is certainly very promising for Google Buzz users that the exploit is already patched and no sensitive data was stolen or compromised.

google-buzz-xss

image courtesy of ha.ckers.org

This isn’t the first time since the launch last week that Google has made changes. Google addressed a privacy issue with users concerns of their contacts getting leaked onto the Internet, through their Buzz posts.

Users wishing to fully disable their Google Buzz account can do so by following this guide.

Report a problem with article
Previous Story

How to fully disable Google Buzz

Next Story

StarCraft II closed Beta goes live

16 Comments - Add comment