Google has fixed a security flaw that had opened the door to phishing scams, account hijacks and other attacks, security researchers said Wednesday.
The flaw, known as a cross-site scripting vulnerability, existed because Google did not properly secure its mechanism for two error pages, according to Web security company Watchfire, which discovered the problem. Watchfire posted an advisory on the issue to a security mailing list.
Attackers could exploit the flaw to launch phishing scams or steal a user's credentials, said Ory Segal, director of security research at Watchfire. Phishing scams are designed to trick people into giving up sensitive information such as usernames, passwords, credit card details and Social Security numbers.
CNet