GoogHOle Exploits GMail, Picasa and 200K Other Sites

Giorgio Maone writes "Multiple Google-targeted exploits disclosed in the past 3 days could compromise your GMail account, steal your pictures from Picasa or impersonate you on almost 200,000 big sites which outsourced their search engines (vulnerabilities included in the price). If even Google, a very reactive company when web security matters, does face this kind of problems, how serious is the threat and what can you do, as a "normal" web user, to protect yourself?"

Very few details.

[Poromenos1]

The article is very low on details. I read it and I'm still not sure how it works, whom it affects and what I can do to protect myself (obviously, since I don't know how it works).

It would have been nice if they went into some more detail for technical users.

Re:The real question:

[MrMr]

Just quoting from the original so called 'Google' messages

If you've read our previous post Say Cheese! then you know that Google's Picasa registers the picasa:// URI in the Windows registry and it is possible to abuse this registered URI through a Cross-Site Scripting exposure to steal a victim's images.

So that's a windows only exploit?
We could not possibly blame that on windows.