Skip to main content

Google Fixes YouTube Vulnerability

Video sharing site YouTube has fixed a vulnerability that allowed hackers to lure unsuspecting users to adult websites by clicking on fake pop-up windows.

The hackers placed code snippets in the comments section of a number of YouTube videos designed to create pop-up windows when the videos were played.

One such pop-up claimed that pop singer Justin Beiber had died in a car crash.

Google, which owns YouTube, said that the vulnerability was fixed within two hours of discovery.

The hackers managed to exploit a cross-site scripting vulnerability to target YouTube users.

This type of attack has become commonplace on the internet, and allows hackers to effortlessly bypass access controls enforced by web administrators.

Once the issue was brought to its notice, YouTube acted swiftly to hide the comment section and manually delete posts that contained the malicious code.

In a e-mailed statement to Network World, a spokesperson for Google said: “We’re continuing to study the vulnerability to help prevent similar issues in the future”