Tuesday, December 07, 2010 10:14:00 AM
Earlier this week we notified affected Website Optimizer users of a potential security issue with the Website Optimizer Control Script. If a website or browser has already been compromised by a separate attack, a hacker might also be able to execute malicious code by exploiting a bug in the Website Optimizer Control Script.
We have not seen any evidence indicating that sites using Website Optimizer have been targeted through this bug, but wanted to proactively reach out to site owners. While the probability of this attack is very low, we are urging Website Optimizer users to take action by updating their Control Scripts. We have taken action, so all new experiments created after December 3 are not susceptible.
Any experiments you are currently running need to be updated to fix the issue on your site. Additionally, if you have any Website Optimizer scripts from paused or stopped experiments created before December 3, you should remove or update that code as well.
There are two ways to update your code:
- Stop current experiments, remove the old scripts, and create a new experiment.
- Update the code on your site directly.

We strongly recommend creating a new experiment as it is the simpler method.
Instructions for both methods are available here at the Website Optimizer Help Center.
We’re committed to keeping Website Optimizer secure, and we will proactively work to prevent any future vulnerabilities.
3 comments:
Thanks for the update. ObservePoint has a quick Google optimizer code check script on their website -
http://www.observepoint.com/optimizer-test.php
You enter the URL of the page in question, and it will tell you whether the Google Website Optimizer code is up-to-date, and if it needs to be edited, it will tell you what to change and where to change it.
Thanks Matthew, looks helpful.
Good to know, thanks guys
@Matthew thanks for the tool.