Sunday, users of Google’s video service YouTube were exposed to a cross-site scripting vulnerability that put the cookies of those visiting affected video pages at risk. Those employing the scripting vulnerability targeted videos of popular teen singer Justin Bieber, as some visitors saw: “tasteless messages pop up about the teen star, and were also redirected to external sites with adult content,” according to blog NetworkWorld. Google released a statement saying: “Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.” Google was also quick to point out that the compromised YouTube cookies did not provide unauthorized third-parties with access to users Google Accounts. Read
