Gmail vulnerability discovered by 14-year-old

Posted in Internet, Security by Sane on March 3rd, 2006

Anthony, a 14-year-old kid, has posted on this blog about a JavaScript Gmail vulnerability that he discovered.

“Apparently javascript will run if it is within the preview of the message,” wrote Anthony, meaning that hackers could grab email addresses or possibly steal cookies and compromise Google accounts. It’s surprising that this vulnerability existed, and who knows how long the hole has been there.

According to Anthony, the JavaScript he sent to himself came from a Yahoo account; emailing from one Gmail account to another filters the code out.

24 hours after Anthony discovered the issue, Google has fixed the problem but has not issued a statement regarding this latest privacy slip-up.
