Acting very quickly, Google fixed the security hole on Jan. 1 after being notified of its existence on Dec. 30. According to reports online, however, the flaw was only partly corrected. The flaw can be exploited, either via a website or by manually inserting code into a user's web browser, against users who have logged into Gmail, Blogger or other Google services with their Google accounts. An attacker could potentially send malicious messages with viruses or malware to people on an exposed contact list.
The vulnerability was discovered by 16-year-old Haochi Chen of Columbus, Ohio. He was tinkering with an undocumented feature of the Google Video service that allows a user to e-mail videos to anyone in their Gmail contact list. According to Chen, Google responded to his alert within 30 hours after he reported the flaw to them. Google patched the problem on Monday morning. According to ZDNet's Googling Google blog, the vulnerability was "only partially fixed." The author of the blog, Garett Rogers, wrote: "I recommend you log out of Gmail when you are not using it until the problems are solved."