Google's mail service is vulnerable

Jan 2, 2007 09:42 GMT

Gmail is Google's mail service and was one of the first to offer its users a 1 GB mailbox, enough to keep all kinds of data. Although the service was launched some time ago, it is still available only by invitation and provides several functions for managing your mail account.

In recent months, security companies and several users have reported serious vulnerabilities in Google services that could let an attacker view private information or even take control of your computer. This time it is Gmail's turn, with a security flaw that lets a malicious site steal your contact list.

"Haochi Chen discovered what looks like a Gmail XSS (cross-site scripting) security problem. Using a small piece of JavaScript you can put on any server, the user's contact names & email addresses are revealed (provided you're logged in to your Google account). I was able to reproduce this using Firefox, and an updated version of the original snippet. With Haochi's code, a malicious website would be able to grab your contact list and transmit it to their server behind the scenes, storing this data for other purposes - like spamming, or finding out more about you," Philipp Lenssen wrote in a post on his blog.
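The following is an added example in JavaScript, not Google's code and not the snippet from the quoted post. It models a contacts endpoint in the weak form the quote describes (per-user data returned as executable script to any page the victim visits while logged in) beside a hardened version, with a stand-in for the browser loading each through a cross-site script tag. The JSONP-style callback parameter and the X-Requested-With check are assumptions; the article states neither.

```javascript
// Added example (not Google's or the quoted post's code). Shows why per-user
// data served as executable JavaScript leaks to any site the victim visits
// while logged in, and one server-side hardening pattern.
// Assumption: the endpoint wrapped its output in a ?callback= function.

// Constructed sample data standing in for the logged-in user's contacts.
const CONTACTS = [
  { name: "Alice Example", email: "alice@example.com" },
  { name: "Bob Example", email: "bob@example.net" },
];

// Weak handler: authenticates by session cookie only and wraps the data in
// a caller-chosen callback. A <script src=...> tag on a third-party page
// sends the cookie automatically and runs the response as code.
function weakContactsHandler(req) {
  if (!req.cookies.session) return { status: 401, body: "" };
  const cb = req.query.callback || "google";
  return { status: 200, body: `${cb}(${JSON.stringify(CONTACTS)})` };
}

// Hardened handler: requires a custom header that only same-origin
// XMLHttpRequest code can add (a script tag cannot), drops callback
// wrapping, and prefixes the JSON so executing it as script throws.
function hardenedContactsHandler(req) {
  if (!req.cookies.session) return { status: 401, body: "" };
  if (req.headers["x-requested-with"] !== "XMLHttpRequest") {
    return { status: 403, body: "" };
  }
  return { status: 200, body: ")]}'\n" + JSON.stringify(CONTACTS) };
}

// Simulates the victim's browser fetching the endpoint through a <script>
// tag on a third-party page: the session cookie is attached, no custom
// header can be set, and the body is executed with "steal" in scope.
function simulateScriptInclude(handler) {
  const req = {
    cookies: { session: "victim-session" },
    query: { callback: "steal" },
    headers: {},
  };
  const res = handler(req);
  let leaked = null;
  if (res.status === 200) {
    try {
      new Function("steal", res.body)((data) => { leaked = data; });
    } catch (e) { /* prefix made the body unparsable: nothing captured */ }
  }
  return { status: res.status, leaked };
}
```

A legitimate same-origin client would send the header and strip the `)]}'` prefix before calling JSON.parse, so the hardening costs the application nothing.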

Once your contact list has been exported from your account, an attacker can use it to mount further attacks, such as spamming or other abuse through the mail service. Google has already patched the issue, but only about 30 hours after the company was informed of the vulnerability. Whatever its severity rating, it is clear that Google is continually affected by security flaws, so a response from Google should be expected soon.