Using a form of cross scripting, it becomes easy to steal a Gmail user’s contact list if they visit a certain type of website. The only condition is you have to be logged in to Gmail at the time of the attack. Gmail is setup to store your contact list in javascript files, which is the core problem. If you log into your Gmail account and click here, you’ll see your contact’s details, along with the