Google Rids YouTube of Nasty XSS Flaw

Pulkit Chandna

July 4 turned out to be a field day for hackers and chance cyber-saboteurs as they converged on the world's most popular video streaming site to wreak havoc using a cross-site scripting (XSS) vulnerability. They inserted malicious code in the comments section of many YouTube videos to trigger a series of anomalous events, including redirects to porn sites and nasty pop-ups, whenever a user visited a targeted video. Justin Bieber fans were probably the worst hit, with hackers and pranksters concertedly targeting the Canadian singer's videos.

But Google wasted little time in plugging the hole. "We took swift action to fix a cross-site scripting (XSS) vulnerability on," a spokesperson for YouTube's parent company said. "Comments were temporarily hidden by default within an hour [of discovering the problem], and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future."
