Google Affected

Notified:  June 18, 2008 Updated: September 02, 2008



Vendor Statement

Google was notified of this issue a few months ago. Once notified, work proceeded swiftly to provide a safe solution for customers. Google notified customers that could be vulnerable directly, and provided clear instructions on how to protect their systems. There have been no reports of this vulnerability being exploited. Google would like to thank Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, and Llanos Tobarra Abad with the AVANTSSAR project ( for responsibly disclosing this issue and providing technical assistance.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.