Vulnerability in Google Groups to which at once there was a set of exploits, stealing requisites of access to GMail and sending contents of all mail box, has been eliminated. Exploites worked in four most known browsers: IE, Firefox, Opera and Konqueror. That vulnerability has worked, the victim should pass on specially generated URL, being in mail box GMail.
The second vulnerability of the same type is found out in search machines Google. Exploites, published in Mustlive blog, allowed to steal authentification cookies by means of specially generated URL, the leader on site ICANN and University of York.
The first has been eliminated ICANN, and the second while operates. Search in Google has shown, that approximately 200 thousand sites can be used for attack.
The third vulnerability allows to steal photos with Picasa, having enticed a victim on nocuous a web-page. Though in a basis lays between-sites scripting, for successful attack it is necessary a little making: use Flash, unreliability in URI proceeder and a fake of inquiries at data exchange between appendices. Vulnerability is not eliminated yet, however complexity of its operation will stop hackers for some time.
The previous large batch of bugs in Google has been found out in the end of May - the beginning of June. Then four vulnerabilities to between-sites scripting have existed for a week after detection.