Last Year’s Gmail Update Has Created Security Risks

Gmail is the single most popular email client in the world, and a big part of the reason why this is the case has to do with the superior functionality that it provides to the numerous people that end up using it on a regular basis. In an attempt to improve the overall functionality of one of their most widely used properties, Google has attempted to update Gmail by using AMP4Email, or Accelerated Mobile Pages for email and also known as dynamic email.

This is supposed to make Gmail easier to use for the wide variety of people that tend to focus on using it from a mobile phone. This update was not talked about all that widely, and as a result of this fact most people didn’t really know about it all that much. However, the update did indeed improve the functionality of Gmail by reducing the amount of tabs that you would have to open, having auto form filling features put in as well as making the experience of using Gmail a great deal more seamless and intuitive than it would have been otherwise.

However, it turns out that these improvements have come at a price. Whenever you add more features and functionality to a particular application or software, you are basically opening this software up to attack because of the fact that there would be more points of entry that malicious actors might potentially be able to take advantage of.

These extra points of entry have made Gmail more vulnerable to cyber attack, and this is something that the vast majority of users are going to find to be absolutely unacceptable all in all. According to Michał Bentkowski a security researcher, "DOM Clobbering (a well-known browser issue) could be used to perform a (Cross-site scripting) XSS (on gmail dynamic emails) if certain conditions are met.

However, after bringing this into attention, Google has fixed the issue in order to make Gmail usable and secure again, something that should be a top priority because Gmail is something that most people absolutely need in order to get work done. Users can still turn off this Gmail feature by following the instructions here.



Photo: NurPhoto via Getty Images

Read next: 85 percent spam email contains a link to download data rather than attached files

No comments:

Post a Comment