Google’s Gmail has been plagued with problems yet again. After the recent deletion of mails from many accounts, Gmail now has yet another problem.

The new exploit, takes advantage of the fact that Google puts your details into a JS file. As a result, if you’re logged into Gmail and browsing the web, any rogue website can declare the function “google” and then parse all your contacts. The only way to safeguard yourself is to disable Javascript in your browser (or enabled it for trusted sites only) or simply climb into a hole and not browse while logged into Google services like Gmail, Blogger, Orkut, Reader, Calendar, etc. — you know, the sites you typically have open all day long.

Although there have been reports that the problem has been fixed, you can still see the exploit for yourself. Just log in to any Google Service like Gmail, and then click on this non-malicious link. It shows you all the proof you need.

Update 1: Vulnerability seems to be patched now.