Cross-posted from the Particls blog.
3 severe security vulnerabilities in 3 weeks is not good for any software company these days. But when you’re a company held to much higher standards and expectations (at your own request), it’s far, far worse.
Haochi uncovered another XSS vulnerability that can easily, and without the victim’s consent, be used to steal cookies and hijack a Google account. Just like the others, victims need only visit a site hosted by a malicious attacker. I can only imagine the panic at Google as they try to put out these spot fires.
Blogger Garett Rogers highly recommends “making sure you are completely logged out of your Google account while browsing the internet, until we have an official statement from Google stating their security team has thoroughly reviewed every Google property for these types of vulnerabilities”. This seems a bit alarming, but maybe it’s better to be safe than sorry.
That being said, no one suggests staying logged out of Windows until Microsoft fixes the bugs.
Well, maybe if they were black, white and feathered they might.
… or if they often felt compelled to put an “i” at the start of their surname.