A cross-site scripting vulnerability in Google Buzz allows an attacker to access a victim's Google accounts and determine the victim's location.

"[The] vulnerability ties into to the much-vaunted Google Location Services, making it possible for the attacker to learn the geographical location of users who have already opted in," writes The Register's Dan Goodin.

"Company security personnel are in the process of fixing it, and there are no indications the flaw has been exploited," Goodin writes.

Click here to read the article at The Register.