Researchers reveal potentially major Google attack methodology

According to Mark Stockley, a web consultant with Compound Eye, the proof-of-concept plug-in exploits the fact that Google's Web History feature accepts its session cookies over unencrypted (HTTP) connections, so they can be read by anyone on the same network.

As reported previously, the Firesheep Mozilla Firefox add-on – which was released last October – automatically harvests the session cookies of other users on public-access WiFi hotspots who are browsing the internet in the clear.

Turning to the present, Stockley reports that, although you need to be logged in to use Web History, the feature does not require an encrypted (HTTPS) connection. The cookie that proves you are logged in can therefore be sent over plain HTTP, where a sniffer on the same network can capture it.

The flaw, he explained in his guest security blog for Sophos, allows attackers to find out what you've been searching for, who your social contacts are and who's in your Gmail address book.

“The new variant of Firesheep allows hackers to easily exploit the flaw if they are sharing the same WiFi hotspot as you”, he said, adding that the exploit demonstrated by researchers Vincent Toubiana and Vincent Verdot does not allow attackers to take over users' Google Accounts. It does, however, expose private data.

Stockley goes on to say that, as well as presenting their Firesheep variant, Toubiana and Verdot's research paper outlines a number of ways to acquire the offending cookies, including simply Googling for them.

“They estimate that about 50% of Google's users have Web Search History switched on and that many users are unaware of it. To make matters worse the compromised cookies are used across more than 20 web sites, including some web behemoths like Google Search, Google Maps, YouTube and Blogger”, he noted.
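The two mechanisms the article describes, sniffing a session cookie from plaintext HTTP and the same cookie being accepted by many sister sites, can be shown in a few lines. The following is an added example written for this page; it is not code from the article, from Stockley's blog, from Firesheep or from Toubiana and Verdot's paper. The captured requests, the hostnames under example-search.test and the cookie names (SESSION, PREF, SECURE_ONLY) are constructed assumptions and do not reflect Google's real cookies or domains. The first part does what a Firesheep-style tool does with traffic it has already sniffed; the second part is the check a site operator would run on its own Set-Cookie headers, since a cookie marked Secure is never sent over HTTP and so never reaches the sniffer.

```python
from collections import defaultdict

# Constructed sample of plaintext HTTP requests, as a passive sniffer on an
# open WiFi hotspot would see them.  Hostnames, paths and the cookie name
# SESSION are illustrative assumptions, not Google's real cookies or domains.
CAPTURED_REQUESTS = [
    # Logged-in user opening a history page over plain HTTP: the session
    # cookie travels in the clear.
    "GET /history/ HTTP/1.1\r\nHost: www.example-search.test\r\n"
    "Cookie: SESSION=abc123; PREF=lang%3Den\r\n\r\n",
    # Same user on a sister property: same shared cookie, different host.
    "GET /maps HTTP/1.1\r\nHost: maps.example-search.test\r\n"
    "Cookie: SESSION=abc123\r\n\r\n",
    # Anonymous user: no session cookie, nothing to harvest.
    "GET / HTTP/1.1\r\nHost: www.example-search.test\r\n\r\n",
    # A second logged-in user.
    "GET /videos HTTP/1.1\r\nHost: video.example-search.test\r\n"
    "Cookie: SESSION=def456\r\n\r\n",
]

# Assumption for this example: SESSION is the cookie that carries login state.
SESSION_COOKIE_NAMES = {"SESSION"}


def parse_request(raw):
    """Split one raw HTTP/1.x request into (request line, {header: value})."""
    head = raw.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def parse_cookie_header(value):
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    jar = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            jar[name.strip()] = val.strip()
    return jar


def harvest_sessions(requests):
    """What a Firesheep-style tool does with sniffed traffic: collect every
    session cookie value seen in cleartext, with the hosts it was sent to.

    Returns {cookie_value: set_of_hosts}.  A value that shows up against
    several hosts is a cookie shared across properties, which is why one
    sniffed cookie can expose several services at once."""
    seen = defaultdict(set)
    for raw in requests:
        _, headers = parse_request(raw)
        if "cookie" not in headers:
            continue
        jar = parse_cookie_header(headers["cookie"])
        for name in SESSION_COOKIE_NAMES:
            if name in jar:
                seen[jar[name]].add(headers.get("host", "?"))
    return dict(seen)


# Defender's side.  Sidejacking works only because the browser will send the
# session cookie over HTTP at all.  A cookie set with the Secure attribute is
# only ever sent over HTTPS.  HttpOnly does not help against a sniffer: it
# blocks scripts, not the network.  These headers are constructed samples.
SAMPLE_SET_COOKIE_HEADERS = [
    "SESSION=abc123; Domain=.example-search.test; Path=/; HttpOnly",
    "PREF=lang%3Den; Domain=.example-search.test; Path=/",
    "SECURE_ONLY=zzz999; Domain=.example-search.test; Path=/; Secure; HttpOnly",
]


def insecure_cookies(set_cookie_headers):
    """Return the names of cookies that lack the Secure attribute, i.e. the
    ones a browser will also present over plaintext HTTP."""
    findings = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].partition("=")[0].strip()
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        if "secure" not in attrs:
            findings.append(name)
    return findings


if __name__ == "__main__":
    for value, hosts in harvest_sessions(CAPTURED_REQUESTS).items():
        print(f"session cookie {value!r} seen in the clear on {sorted(hosts)}")
    print("cookies the browser will send over HTTP:",
          insecure_cookies(SAMPLE_SET_COOKIE_HEADERS))
```

Run as-is, the harvesting step reports the abc123 cookie against two hosts, which is the cross-site reuse Stockley describes, and the Set-Cookie check flags SESSION and PREF while passing the Secure-flagged cookie. The fix on the server side is the flag the check looks for, together with serving the feature only over HTTPS.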