I don't want to provide any links or details before it is fixed, but Google has another cross-site scripting (XSS) vulnerability. It is more serious than the previous one, because:

• It works with any character encoding. (You can be a victim even if you don't use a vulnerable browser.)
• It exists in multiple domains (www.google.com and mail.google.com).
• It is much easier to exploit. (It was discovered by accident.)

I highly recommend that you do not use Google's personalized features or access your Gmail account with JavaScript enabled until this vulnerability has been fixed.