Google fixes YouTube xxx spam flaw

Mike Halsey MVP
Jul 5, 2010
Updated • Dec 26, 2012

YouTube owner Google has been forced to act quickly to fix a flaw on its YouTube video sharing website that allowed hackers to bombard users with pop-up messages, redirecting them to adult websites. The code was placed in the comments section of targeted videos and would run automatically when people watched the clip.

Google says the problem was fixed within only two hours of being reported, according to the BBC.

"We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com," a spokesperson said.

"Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours."

Hackers had used JavaScript and HTML code to trigger the malicious pop-ups.

"The thing with a cross-site scripting attack is that it will appear that it is a message being posted by that website, which gives it a certain legitimacy," Graham Cluley of security firm Sophos told BBC News.

"It could be used to show a message that tells you to update your password; it could link to a malicious website; or it could attempt to phish you."

For now YouTube is back to its old self, and if you're visiting the site in the next week I thoroughly recommend you click on the football icon while a video is playing to add an authentic Vuvuzela soundtrack.

Update: While Google fixed the issue in record time, it needs to be noted that YouTube is still often used by part of its user base to distribute videos that are not allowed on the site. This includes adult movies but also full-length movies and other copyrighted materials. Google is usually quick when it comes to deleting those, but sometimes they slip past and stay on the site for a prolonged period of time (until someone reports them to Google).


Comments

  1. Pat said on June 13, 2023 at 3:06 am
    For Version 116.0.5817.0 (Official Build) dev (64-bit), Chrome Refresh 2023 has an option to enable omnibox at the same time.
    The screenshot above is not showing the round shape. This is eye candy.

  2. D.M said on June 13, 2023 at 3:02 pm
    I wonder how to return the gray stripe but on a new design?

    And in general, it’s strange why they didn’t make the entire top panel be painted in the color of the open site, like on Android.

  3. Disappointed said on June 19, 2023 at 10:42 am
    @D.M: +1, the new light blue looks odd, and the tab group buttons (the color dots) became way too big
