All Posts Tagged Tag: ‘google gadgets’

  • Malicious Google Gadgets in Action

    Malicious Google WidgetA new report by emgent shows malicious Google Gadgets in action. The vulnerability lies in the ability of a malicious user to add their own Gadgets on a separate domain space, without Google’s authorization. The attack variant shown in the movie can be altered to steal cookies, run arbitrary JavaScript on victim machines, and could be further weaponised to great Malicious Google Gadget worms.
    When researching this topic, we found references to similar vulnerabilities which date back to 2007, reported by Tom Stracener and Robert Hansen.

    Read More →