A security researcher warns that Google Gmail is vulnerable to an Open URL redirection flaw, a finding disputed by Google itself.
The alleged bug creates a means for attackers to send intended victims a special crafted UR before stealing credentials or tricking them into visiting a malicious website, according to security researcher Evangelos Mourikis.
Google is yet to respond to El Reg’s request for comment on the alleged flaw. However, in a series of direct responses to Mourikis, Google stated that the supposed bug was part of its appengine application and not a security flaw. ®