In fixing vulnerabilities

Jul 7, 2006 10:17 GMT

Google is joining Microsoft on a path that could leave it plagued by vulnerabilities. The Redmond company has long since moved past a simple bug problem and now faces a veritable epidemic of flaws that have crept into all corners of its applications, and Google is on its way to sharing this syndrome. A security vulnerability discovered in Google Reader could have permitted the theft of confidential information from Web users.

A vulnerability in Google's RSS feed aggregation tool could have been exploited in order to launch cross-site scripting attacks.

"We learned of a minor security flaw in Google Reader earlier today and worked quickly to fix the problem, which has now been resolved. We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public," said Google in a statement.

An attacker could have embedded malicious HTML scripts in Web postings or input fields on a Web site in order to steal information. But the implications go further than this: phishing sites could have been created on Google, adding to the possibility of login cookie theft.

This latest vulnerability adds to older flaws in Google products. Just last year, Gmail had several flaws that allowed remote access to users' emails.