
Summary:

Google has identified a bug in Website Optimizer, its website testing and optimization tool, which means that it is vulnerable to a cross-site scripting (XSS) attack. While the likelihood of such an attack is low, users need to update the code running on their sites.


Google has identified a bug in Website Optimizer, its website testing and optimization tool, that makes it vulnerable to a cross-site scripting (XSS) attack. The likelihood of such an attack is quite low, because it can only take place if a website or browser has already been compromised by a separate attack, and Google has already fixed the bug in its code so that new experiments are not vulnerable. Even so, users should update existing Website Optimizer code on their sites, and remove any stopped or paused experiments created before Dec. 3, to make sure they are not susceptible.

In an email sent to users, Google noted that Website Optimizer code can be updated either by making a fix to existing JavaScript control codes running on the site, or by stopping current experiments, removing the scripts and creating new experiments to replace them. Google recommends using the latter method, as it’s much simpler.

Photo courtesy Flickr user .Bala


  1. Simon,

    Thanks for the update. Your readers may be interested in a simple Google Optimizer Code checker at

    http://www.observepoint.com/optimizer-test.php

    You just enter the URL of the page in question, and it will tell you whether the Google Website Optimizer code is up-to-date, and if it needs to be edited, it will tell you what to change and where to change it.
