Google has patched a minor flaw that allowed JavaScript code to run when viewing a Gmail message, the search engine giant said today.
Attackers could have applied malicious code to gather email addresses or even compromise the account, according to "Anthony," a 14-year-old blogger who discovered the vulnerability.
He said he found the flaw while trying to email JavaScript code from his Yahoo account to his Gmail account.
Google patched the problem shortly after learning about it.
"We learned of a minor security flaw in Gmail a little while ago and worked quickly to fix the problem, which has now been resolved," a Google spokeswoman said. "We encourage all vulnerability reporters to follow responsible disclosure practices and notify vendors first before making the vulnerability public."
This is not the first Gmail vulnerability discovered since the webmail service, popular for its large storage space and organization and search features, was launched.
In January 2005, Google was made aware of a bug that allowed hackers to reveal details of other users' personal emails, and even their account passwords.
Later in the year, Google patched two holes that would have allowed attackers to gain control of Gmail accounts and potentially carry out scams.
