Not long after the first security hole was found, another one has turned up.

Basically, these security holes allow a hacker to point you to a Google URL and steal your Google cookie data. They do this by exploiting an update to a Google service that does not block HTML injections. A piece of javascript passes your cookie data to an external source. This can then be used to access your Google services.

The first hole was fixed pretty quickly by the security team so I’d imagine this one will be too.

Related Posts

• Apple Macs need patches too
• Google and Feedburner buy out
• Quick tip for Google Analytics
• Google Analytics tip - email reports
• Stop Googling says Google