Google Fixes Major Vulnerability in the Gmail

0

Google has fixed a security issue found in the Gmail app recently. The company has received a lot of feedback from the users across the globe regarding a security issue in Gmail’s key feature.

The feature is dubbed as AMP4Email. This feature enables users to see pop-up inside the inbox. The aim behind showing up the pop-up content is just to make the email dynamic.

This is a powerful feature that works automatically and showing you useful content such as RSVP to an event and many other useful updates while exploring the email.

This feature was carrying a security flaw which was found by Michał Bentkowski, Chief Security Researcher at Securitum. He has researched everything well about this security issue found in the AMP4Email feature within the Gmail. He also has written and shared a blog post about the disadvantages of this feature.

According to Security Researcher, the id attribute is not disallowed in tags this leads this feature to Dom Cobbering. DOM stands for Document Object Model which arises during the digital messages.

You might have noticed that emails are not text-based only, in fact, they carry a lot of graphics and images and additional links. Digital marketers are also making the most of email platform to advertise products and services of various companies.

“DOM Clobbering is a legacy feature of web browsers that just keeps causing trouble in many applications,” the researcher says. “When you create an element in HTML (for instance) and then you wish to reference it from JavaScript, you would usually use a function like document .getElementById(‘username’) or document .querySelector(‘#username’). The legacy way is to just access it via a property of global window object. So window.username is in this case exactly the same as document.getElementById(‘username’).”

You can follow the official blog post shared by the Researcher for more information about his research and the effective results.

For the latest tech news and updates, Install TechCodex App and follow us on Facebook and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.

Get real time updates directly on you device, subscribe now.

Comments
Loading...