Google patches Buzz for Mobile security flaw

A cross-site scripting vulnerability that could have allowed attackers to hijack Google Buzz accounts was quickly patched Tuesday after it was made public.

It has been a rough week for the Google Buzz team.

The fiasco over Buzz's privacy settings is starting to die down now that Google has made several changes, but security experts Tuesday discovered that the Buzz for Mobile service contained a flaw that could allow hackers to run their own code on Google Buzz accounts.

Google has already patched the flaw, which was reported by SecTheory. It was a cross-site scripting vulnerability, which could have allowed an attacker to hijack a Buzz account or run a phishing scam.

Google released a statement regarding the flaw. "We fixed a vulnerability that could have affected users of Google Buzz for mobile on February 16th, hours after it was reported to us. We have no indication that the vulnerability was actively abused. We understand the importance of our users' security, and we are committed to further improving the security of Google Buzz."

About the author

    Tom Krazit writes about the ever-expanding world of Google, as the most prominent company on the Internet defends its search juggernaut while expanding into nearly anything it thinks possible. He has previously written about Apple, the traditional PC industry, and chip companies. E-mail Tom.


    Discuss Google patches Buzz for Mobile security flaw

    Conversation powered by Livefyre

    This week on CNET News
    Hot Products
    Trending on CNET

    Tech Tip

    Know how to save a wet phone?

    It's not with a dryer and it's not with rice. CNET shows you the secret to saving your phone.