Controversial forum community 4chan exploited a vulnerability in the YouTube comment’s system to target singer Justin Beiber’s videos.
The attack exploited a HTML injection vulnerability to insert scripts into the comments which allowed 4chan members to initiate pop-ups or redirections to other sites for anyone who viewed the impacted YouTube video pages. Videos relating to teen idol Justin Beiber were most affected as 4chan users continued a vendetta against the singer.
Google quickly took measures by initially turning comments onto not appearing by default and manually deleting the hack posts. In an impressively rapid turn around for a Sunday, Google had two hours hours later addressed the vulnerability and reinstated the comments system.
Google issued a statement to TheNextWeb.com on the issue:
“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.”
It’s not thought that the hack posed any danger to the security of computers directly however web browsers may have been redirected to web sites hosting malware which can exploit other vulnerabilities to cause more serious damage.