It seems that Google’s latest social networking effort isn’t just proving a headache for those of us who feel it’s compromised our privacy a little; it turns out that the service also boasts security issues all its own.

I guess you could say... they killed the buzz

Word comes via Yahoo of the issue, which effects the mobile version of Google Buzz. The issue is, like many of those that Facebook has encountered in recent months, a cross-site scripting flaw, whereby a malicious individual can put their own scripting into web pages that belong to trusted pages, like Google.com. The problem is that it gives the attacker full access to a user’s Google Buzz account.

That means that, while they’re in there, they can choose to follow whoever they please, unfollow anyone you’re following or update your own Buzz account with anything they’d like. None of this would be too much a problem, but given the response to Google’s sudden release of Buzz, it seems as though many have already found work and private lives colliding without being helped in that direction by interlopers.

Given the privacy issues around Google Buzz already, the news that unauthorised users can gain access to accounts in any way. The folks from PCWorld dropped Google a line to ask about the issue and received a response which said, fairly openly,

“We’re aware of a vulnerability that could affect users of Google Buzz for mobile, and we are now pushing a fix … We have no indication that the vulnerability is being actively abused.”

Unfortunately for Google, whether or not there have been cases of abuse likely won’t matter too much, as knowledge of the vulnerability becomes more widespread, it seems fairly probable that it will simply cast more doubt on a service that many consider to have been foisted upon them without their permission.