Google Website Optimizer Control Scripts Vulberability Found, Update Your Code to Secure Your Site

Google notified about a potential security issue with the Website Optimizer Control Script, that could allow an attacker to execute malicious code on your site."If a site is using code generated before Dec. 3, 2010, attackers can only execute malicious code on a website or browser if it has already been compromised by a separate […]

Google notified about a potential security issue with the Website Optimizer Control Script, that could allow an attacker to execute malicious code on your site.

"If a site is using code generated before Dec. 3, 2010, attackers can only execute malicious code on a website or browser if it has already been compromised by a separate attack. Though the immediate probability of this attack is low, we urge you to take action immediately.

We've not seen any evidence indicating that sites using Website Optimizer have been targeted through this bug, but wanted to proactively reach out to site owners. We're urging WO users to take action by updating their Control Scripts. "All experiments created after Dec'3 aren't susceptible,"" explains Google.

"To fix the vulnerable section of code, you should immediately either replace the control scripts in your affected experiments or stop the affected experiments and start new experiments."

More Info: Instructions for both above methods: Website Optimizer Help Center

[Source]