According to ZDNet, vulnerability within Gmail could allow hackers full access to Gmail accounts giving them the ability to steal contacts and incoming emails.

Security researcher Chris Gatford noted that “attackers could compromise a Gmail account–using a cross-site scripting vulnerability–if the victim is logged in and clicks on a malicious link. From that moment, the attacker can take over the session cookies for Gmail and subsequently forward all the account’s messages to a POP account.”

This problem is made worse due to Google’s 2 year holding time for cookies. A hacker who manages to steal a users’ cookie would essentially have 2 years worth of access to the users account.

ZDNet notes that “One work-around is to use Gmail through Firefox and disable JavaScript. While this limits user access to many components of popular Web sites, it will protect against the potential threat.”

It is most likely that Google is aware of the problem and in the process of repairing it, however, as long as the issue is in place this could be potentially damaging to Gmail users.