Google has identified a bug in Website Optimizer, its website testing and optimization tool, which means that it is vulnerable to a cross-site scripting (XSS) attack. While the likelihood of such an attach is quite low, because it can only take place if a website or browser has already been compromised by a separate attack, and Google has already fixed the bug in its code so that new experiments are not vulnerable, users should update existing Website Optimizer code on their sites, and remove any stopped or paused experiments created before Dec. 3 to make sure they are not susceptible.
Related content from GigaOM Pro (sub. req.):