Google has fixed security issue related to its Central telecom service and its Google.com Web site..
Google fixed a cross site scripting exposure on the log-in page for Grand Central, a service that allows people to have numerous phone numbers ring on one phone and have a unified voice mail.
A cross-site script is a vulnerability found increasingly in Web applications in which malicious code can be injected into Web pages that could be used to attack or compromise visitors to the site.
“This issue was reported on Monday morning, and google closed it shortly after being notified”.
The vulnerability was posted to a security e-mail list called Full Disclosure and was not reported to Google in advance, meaning Google had to race to fix the issue before someone could write an exploit for it.
[ad#add-top-in]
In a separate security issue, Google fixed a weakness that allowed people to create a spoof site that looks like it goes to the Google.com domain but actually redirects a Web surfer to a different site. Such redirect links are usually distributed via e-mail and often send people to a site with malicious code that can be used to attack or compromise the visitor’s computer.
Google, meanwhile, was working to fix a redirect vulnerability related to the site of its DoubleClick online advertising unit.