1

Suppose I log to my Gmail account. After that, I use Google to search for random websites and visit some.

Are there any security threats on my Gmail account when Googling and surfing the net while it is open ?

This picture, hopefully, explains what I mean:

enter image description here

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
  • When your gmail account is open on **google.com**, try to use **google.co.uk** or **google.ca** for all others services that doesn't require login. – elsadek Dec 17 '14 at 10:57
  • @elsadek Thank you. But I have been wondering what are the risks I could face in the scenario I described. –  Dec 17 '14 at 11:08

2 Answers2

3

Your gmail account will be safe unless someone finds a Cross-Site Request Forgery (CSRF) vuln in gmail.

While nothing is 100% secure in the world, Google has proved to be very good at defending against security vulnerabilities. Even if a vulnerability is discovered, there is a good chance that it will be patched quickly. I rate it as highly unlikely that your account will be compromised in this manner.

2

The main attack vectors are:

  • CSRF - if there is a vulnerability on Google or Gmail then this could put you at risk.
  • Browser bug - if there is a vulnerability in the particular browser you are using then it may be possible for a visited site to bypass the Same Origin Policy and that site could then access your data using client-side code (e.g. Javascript or Flash). This type of vulnerability has existed in old versions of Internet Explorer.

In reality, the two above are unlikely. Google appear to be relatively tight on security, and now most browsers are auto-updating and tend to be quickly patched.

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178