Robert Hansen who is the CEO of secTheory said “Google is and will be and always has been vulnerable.They haven’t been open with consumers. Ultimately, this all comes down the the fact that they just want to track you guys.”

According to The Register’s article, he is talking about hosting untested third-party applications that users can embed in their iGoogle home pages. The flaw is that potential victims could be redirected from an iGoogle webpage to a page that is controlled by an attacker.

Source: The Register