What's happened to YouTube?

Regarding the actual flaw here:

Several hours ago, someone found an HTML injection vulnerability in YouTube's comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at the beginning of a post. The tag itself is escaped, but everything following it is cheerfully placed in the page as is.

This is a big, big hole on Google's part (perhaps it was there before they took over) - an XSS flaw to the extreme. I'm really shocked no-one found it sooner. Heck, even the stuff I write for internal use in companies is more secure than that on the XSS front (though obviously I'm not going to go into details here!)

Typical 4chan as well though - find an easy bug and pretend we all own the internet by behaving like mindless script kiddies.

On the plus side, getting a patch out for this in 2 hours is an unbelievably quick turnaround - Google have done VERY well on that front. With a certain other major software development company I can imagine the fix would have taken weeks... My only concern is that if the patch has been rushed through are there still other XSS exploits out there? I'd expect Google to be thoroughly investigating this though, so hopefully we won't see a repeat any time soon.
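Added illustration, not part of the original thread and not YouTube's actual code (which the thread does not show): a Python model of the behaviour described above, where only a leading `<script>` tag is escaped, next to a renderer that escapes the whole comment, plus a regression check that parses the output and reports any live tags. All function names and sample comments are constructed for this example.

```python
import html
from html.parser import HTMLParser

def render_comment_flawed(text):
    """Constructed model of the reported bug: a leading <script> tag is
    escaped, but the remainder of the comment is emitted verbatim."""
    marker = "<script>"
    if text.lower().startswith(marker):
        return html.escape(text[:len(marker)]) + text[len(marker):]
    return html.escape(text)

def render_comment_safe(text):
    """Escape the entire comment on output, with no special cases."""
    return html.escape(text, quote=True)

class _TagCollector(HTMLParser):
    """Records every element a browser-like parser would create."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def live_tags(fragment):
    """Return the tags that survive as real markup in a rendered fragment."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return parser.tags

# Constructed sample comments with harmless markup only.
SAMPLES = [
    "nice video",
    "<script><b>bold text</b>",
    "<SCRIPT><h1>big</h1> trailing",
    "a < b && c > d",
]

def audit(render):
    """Map each sample whose rendering contains live markup to its tags."""
    leaks = {}
    for sample in SAMPLES:
        tags = live_tags(render(sample))
        if tags:
            leaks[sample] = tags
    return leaks

if __name__ == "__main__":
    print("flawed:", audit(render_comment_flawed))
    print("safe:  ", audit(render_comment_safe))
```

A check like `audit` belongs in the test suite of whatever renders user text, so that a hurried patch to one input shape is verified against the others as well.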
 
Finally! Let em hack YouTube back to when Google hadn't bought it out!!!!
OT yes, but:

a) This exploit won't let you "hack" an entire site back in time. It just let you insert JavaScript onto an individual page.
b) What's so bad since Google bought it out? It's now much better IMO.
 
YouTube is prob millions of lines of code...

They made a mistake, not a biggie. The site itself is still fine.
 
YouTube is prob millions of lines of code...
I doubt it's that much - and so what if it is? Lines of code says nothing about the quality of a site...
 