Google acknowledged (and fixed) a major vulnerability in its google.com and gmail.com domains.
Redirection, cross-site scripting, cross-site request forgery, and SQL-injection vulnerabilities are to websites what dandelions are to suburban lawns. Even sites maintained by experienced and highly vigilant Web developers are likely to suffer from these Web-application bugs.
From ArsTechnica. Read more here.