Google blocked a serious vulnerability in Gmail

The search giant has overcome a serious security flaw within its free Gmail email service, which could allow hackers to copy and read the user's email content.

This vulnerability was partially disclosed late last week, thanks to experts at GNUCITIZEN. They call it a "request site interrogation" vulnerability and describe it as " a backdoor Trojan in the heart of a Gmail account, spying on all your conversations and conversations ."

Immediately after Google announced the vulnerability was closed, GNUCITIZEN also announced how to attack proof of concept into this error.

The attack mechanism is as follows: secretly installing a Gmail filter through a dumb Javascript command. First, users must log into Gmail, then they must access a malicious website.

This site then sends a Java command to Gmail to set up the filter. Unless user is detected and deleted from the computer, this filter has no way of being disabled.

Under the hacker command, the filter will selectively copy the email and send it to its owner. Hackers can set commands like just gathering mail with attachments.

As recommended by Google, Gmail users should check Filters page inside Settings to make sure there are no unwanted commands to sneak in here.

Trong Cam