Google fixes gmail bug

Users' address books left exposed

Google has fixed a security hole in several of its services that exposed the address books of Gmail users, the company said yesterday.

The vulnerability meant an attacker could copy all the entries in a Gmail user's address book to a malicious web site, according to a description of the problem on the 'Googling Google' blog. The only condition is that the user would have to be logged in to Gmail or another Google service.

Google-watcher Haochi Chen probed a feature in Google Video over the weekend. The feature, called 'Pick People to Email,' lets users select contacts from their Gmail address book to send them a video. However, the feature also opened up the address book to others, Chen discovered.

Heather Adkins, an information security manager at Google, said on Tuesday that the company heard about the Google Video issue and fixed it within hours. The search giant later learned that the same problem also impacted other services and resolved those issues within a day, she said.

'To our knowledge, no one exploited the vulnerability and no users were impacted,' Adkins said in an emailed statement. 'Responsible disclosure allows companies like Google to keep users safe by fixing vulnerabilities and resolving security concerns before they are brought to the attention of the bad guys.'

What do you think? Email us at [email protected]