Google Fixes Cookie Stealing Vulnerability
Security researchers have unpicked a flaw in Google spreadsheets that allows cookie stealing. The cross-site scripting vulnerability enables attackers to use stolen cookies to access any Google service the user is registered for, including the victim’s Google mail account. Google has now plugged the vulnerability, discovered by security researcher Billy Rios. A Google cookie is valid across all its subdomains, a convenience factor that greatly enhances the potential for mischief.
This particular XSS vulnerability on Google’s domain takes advantage of how Internet Explorer (IE) determines the content type of the HTTP response returned by the server. Other browsers also have problems handling Content-Type headers properly, but this vulnerability is limited to IE.
Rios created a spreadsheet which contained HTML and a string of JavaScript code for viewing a user’s cookie. He then saved this spreadsheet and generated a link for the spreadsheet to be served as a text-based CSV file, which IE mistakenly interprets as HTML.
Anyone viewing this doctored spreadsheet would hand over their cookies to Rios, or potentially an attacker. Fortunately, Google now renders crafted table content as text rather than HTML.
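A server-side check for the condition described above, added here as an example; it is not code from the article, from Rios, or from Google's fix. The token list, the 256-byte window and the function names are assumptions of this sketch, and the `X-Content-Type-Options` and `Content-Disposition` headers are common mitigations that the article itself does not mention.

```python
import csv
import io

# Simplified stand-in for IE's content sniffing: it looked at the start of a
# response for HTML-looking tags and could override a declared text type.
# The token list and window size are assumptions, not IE's exact algorithm.
HTML_TOKENS = (b"<html", b"<head", b"<body", b"<script", b"<img", b"<table", b"<a href")
SNIFF_WINDOW = 256


def looks_like_html(body: bytes) -> bool:
    """True if the start of the body holds markup a sniffing browser may act on."""
    head = body[:SNIFF_WINDOW].lower()
    return any(tok in head for tok in HTML_TOKENS)


def render_csv(rows) -> bytes:
    buf = io.StringIO()
    csv.writer(buf).writerows(rows)
    return buf.getvalue().encode("utf-8")


def audit_response(headers: dict, body: bytes) -> list:
    """List why a non-HTML response could still be rendered as HTML."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    findings = []
    if h.get("content-type", "").startswith("text/html") or not looks_like_html(body):
        return findings
    if h.get("x-content-type-options") != "nosniff":
        findings.append("HTML-looking body served without nosniff")
    if not h.get("content-disposition", "").startswith("attachment"):
        findings.append("HTML-looking body served inline, not as an attachment")
    return findings


def harden(headers: dict) -> dict:
    """Return a copy of the headers with sniffing and inline rendering disabled."""
    out = dict(headers)
    out["X-Content-Type-Options"] = "nosniff"  # browser must trust the declared type
    out["Content-Disposition"] = 'attachment; filename="export.csv"'  # download only
    return out


# Constructed sample: one user-controlled cell holding markup (inert placeholder).
SAMPLE_ROWS = [["name", "note"], ["alice", "<script>/* placeholder */</script>"]]

if __name__ == "__main__":
    body, weak = render_csv(SAMPLE_ROWS), {"Content-Type": "text/csv"}
    print(audit_response(weak, body), audit_response(harden(weak), body))
```
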