Reports that a purported Gmail vulnerability was being used by unauthorized third parties to hijack domains turned out to be nothing more than a phishing scam, Google announced Tuesday.


The alleged vulnerability reportedly allowed an attacker to set up filters on users' e-mail accounts without their knowledge, according to a proof of concept posted Sunday at the blog Geek Condition. In the post, Geek Condition's "Brandon" wrote that the vulnerability had caused some people to lose their domain names registered through GoDaddy.com.

However, after consulting with those who claimed to be affected by the so-called vulnerability, Google determined that they were victims of a phishing scam, Google information security engineer Chris Evans explained in a blog.

Read more: news.cnet.com 

Labels: Gmail, phishing, vulnerability

A Vietnamese security company has found a critical vulnerability in Google's new browser Chrome, but Google has already released patch for that problem and at least one more.

The vulnerability is one of several problems identified in the browser since it was released early last week. The bug is a buffer overflow that occurs if a user saves a Web page containing an overly long "title" tag, according to Bach Koa Internetwork Security (Bkis), based at the Hanoi Institute of Technology.

The browser can encounter a problem trying to save a file with the name contained in the overly long title tag. An attacker could then have control of the PC and could execute other code on the machine, Bkis wrote on its blog. The problem can be exploited on PCs running Windows XP SP2 and Chrome version 0.2.149.27.

Read more: pcworld.com 

Labels: browser, Chrome, patch, vulnerability