Yesterday the New Year brought upon us many global happenings, and bugs here at Search Engine Journal, but the biggest tech problem of January 1st may have been the exploit of a GMail weakness which exposed user web contacts.
The exploit takes advantage of the fact that Google puts your details into a JS file. As a result, if you’re logged into Gmail and browsing the web, any rogue website can declare the function “google” and then parse all your contacts.
And from Googlefied, the original source of the story, (Googlefied also lists an FAQ list about the exploit) it seems that Google has addressed the problem:
Finally, about an hour ago or so, Google has patched the vulnerability, thoroughly, as far as I can tell. That’s like thirty hours after I notify the Google Security team. It’s new year, people.
Well, the bug has been fixed, but I guess some people will still have questions about it.