Google Translate #vulnerability and #exploit



"...Google Translate is a free statistical multilingual machine-translation service provided by Google Inc. to translate written text from one language into another..." - Wikipedia

Think of Translate like Douglas Adams's Babel fish, but in an online, text form.




The former vulnerability is rather simple. After a few redirects to fool anti-fraud mechanisms, the translated website breaks out of Translate's iframe and redirects the user's top-level window to a website or content of its choosing.




One may use HTML5 sandboxed iframes to prevent this top-level hijacking. Google engineers implemented the HTML5 sandbox to mitigate the vulnerability. But in the interests of those web developers who utilize Flash, Silverlight and other interesting development tools, Translate lets translators disable "Translated in Safe Mode." This allows the translator to slit their own throat. To each their own.
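
A check for the sandbox mitigation described above, as an added example (not Google's code and not part of the original post): it reports, for each iframe in a page, whether the framed document is allowed to navigate the top-level window. The function names, sample markup and hostnames are assumptions constructed for illustration.

```javascript
// Added example. Sample markup and hostnames below are constructed.

// Classify what an iframe's sandbox attribute lets framed content do to the
// top-level window. sandboxValue is the attribute string, or null if absent.
function topNavigationPolicy(sandboxValue) {
  // No sandbox attribute: framed script may navigate the top window freely.
  if (sandboxValue === null || sandboxValue === undefined) return 'unrestricted';
  // Sandbox tokens are whitespace-separated and case-insensitive.
  const tokens = new Set(sandboxValue.toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has('allow-top-navigation')) return 'always';
  if (tokens.has('allow-top-navigation-by-user-activation')) return 'user-activation';
  return 'blocked';
}

// Minimal attribute tokenizer (assumes no ">" inside attribute values).
function parseAttributes(tagBody) {
  const attrs = new Map();
  const re = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  for (const m of tagBody.matchAll(re)) {
    const name = m[1].toLowerCase();
    // A bare attribute such as sandbox has the empty string as its value.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? '');
  }
  return attrs;
}

// Return one finding per <iframe> start tag found in the markup.
function auditIframes(html) {
  const findings = [];
  for (const m of html.matchAll(/<iframe\b([^>]*)>/gi)) {
    const attrs = parseAttributes(m[1]);
    const sandbox = attrs.has('sandbox') ? attrs.get('sandbox') : null;
    findings.push({ src: attrs.get('src') ?? '', policy: topNavigationPolicy(sandbox) });
  }
  return findings;
}

// Constructed sample: the first frame models "safe mode" switched off.
const SAMPLE_HTML = `
<iframe src="https://translated.example/a"></iframe>
<iframe sandbox src="https://translated.example/b"></iframe>
<iframe src="https://translated.example/c" sandbox="allow-scripts allow-forms"></iframe>
<iframe src="https://translated.example/d" sandbox="allow-scripts ALLOW-TOP-NAVIGATION"></iframe>
<iframe src='https://sandbox.example/e' sandbox="allow-scripts allow-top-navigation-by-user-activation"></iframe>
`;

for (const f of auditIframes(SAMPLE_HTML)) console.log(f.policy.padEnd(16), f.src);
```

Any frame reported as `unrestricted` or `always` leaves the embedding page exposed to the top-level redirect described above; `blocked` is the result the sandbox is meant to give.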