Thanks to Aviran on BPN
If users execute the script by clicking a link, they would be redireted to a malicious website. From there, hackers can read a user's cookie. It may contain personal information, such as purchase histories, or the username and password used to access Google services - such as Gmail.
Goldshlager warned that even if the user chooses not to save the cookie, the hacker can still discover the username and password for other services such as Google Alerts and Groups because of the way that data is stored.
View: Neowin discussion thread