Latest in Breaking news

Image credit:

Gmail bug exposes your mail account to spammers

Share
Tweet
Share
Save

Sponsored Links

Like your Gmail account? Consider it a sacred place which must be protected from spammers at all cost? Yeah, us too. Well, we hate to break the bad news at the dawn of the new year but there's a weakness in Gmail which exposes your email address to any web site capable of exploiting the bug. As reported on Digg, the exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you're logged into Gmail and browsing the web, any rogue website can declare the function "google" and then parse all your contacts. The only way to safeguard yourself is to disable Javascript in your browser (or enabled it for trusted sites only) or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. -- you know, the sites you typically have open all day long. For obvious reasons, we will not link directly to the site which demonstrates the exploit on your personal account due to the risk of running possibly malicious code. However, we tested it and found our most precious account -- and those of our contacts -- correctly identified and ready for harvest. But hey, even though Gmail has been out since 2004, it is still "beta"... right?

Update 1: There are reports that Google has fixed the issue. Their "fix" is related and with any luck should be applicable. However, it's no fix. Don't believe us? Login to your fave Google service and give this non-malicious link a click.

Update 2: Google seems to have now patched the vulnerability.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share
Save

Popular on Engadget

Google is ending support for the Explorer Edition of Glass

Google is ending support for the Explorer Edition of Glass

View
Despite the HQ2 debacle, Amazon will add office space in Manhattan

Despite the HQ2 debacle, Amazon will add office space in Manhattan

View
Apple plans software fix for 16-inch MacBook Pro 'speaker popping'

Apple plans software fix for 16-inch MacBook Pro 'speaker popping'

View
Elon Musk wins defamation trial over ‘pedo’ remarks

Elon Musk wins defamation trial over ‘pedo’ remarks

View
‘Reno 911!’ is coming back as a Quibi exclusive

‘Reno 911!’ is coming back as a Quibi exclusive

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr