DECEMBER 22, 2005
(IDG NEWS SERVICE) - Google
Inc. has patched security flaws in its Web site that would have exposed users to
phishing and other attacks designed to steal account information, according to
security researchers.
Researchers at risk management software company Watchfire Corp. posted an advisory this week about the flaws, which are cross-site scripting (XSS) vulnerabilities. An XSS flaw lets an attacker's script run in a victim's browser as though it came from the vulnerable site, which opens a site to attacks such as account hijacking, changing of user settings, cookie theft or poisoning, and false advertising.
The flaws were in two of www.google.com's error pages: the "404 Not Found" page and a Web-site redirection error page. Both echoed part of the request back to the user, and Google did not properly secure them: the pages did not pin down their character encoding, so an attacker could write script in UTF-7 (the 7-bit Unicode Transformation Format), slip it past filtering that looks for literal "<" and ">" characters, and rely on a browser left to guess the encoding to decode it back into working HTML, according to Watchfire.
Google corrected the flaws with character-encoding enforcement, that is, by explicitly declaring the character set of those pages so that a browser no longer tries to auto-detect it, said Waltham, Mass.-based Watchfire.
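To make the mechanism concrete, the following Python script is an added illustration, not Google's code or anything from Watchfire's advisory. It builds a UTF-7 form of a script tag, reflects it through two hypothetical 404 handlers (one that strips angle brackets but declares no charset, one that declares charset=UTF-8 and HTML-escapes), and runs both responses through a deliberately simplified model of 2005-era browser charset sniffing. The handler names, the page text and the sniffing heuristic are all assumptions made for the example. Note that Python's own utf-7 codec leaves "<" and ">" unshifted (they are RFC 2152 "Set O" characters), so the shifted form is built by hand.

```python
import base64
import html
import re


# --- Attacker side: express "<" and ">" as UTF-7 shift sequences (RFC 2152)
# so that a filter looking for the literal characters never sees them.
# Shifted form: '+' + base64(UTF-16BE bytes of the character) + '-'.
def utf7_shift_angle_brackets(text: str) -> str:
    out = []
    for ch in text:
        if ch in "<>":
            b64 = base64.b64encode(ch.encode("utf-16-be")).decode("ascii").rstrip("=")
            out.append("+" + b64 + "-")
        else:
            out.append(ch)
    return "".join(out)


# --- Server side: hypothetical error-page handlers (not Google's code).
# The requested path is reflected into the page body.
def render_404_vulnerable(path: str):
    """Strips angle brackets but declares no charset: the bug pattern."""
    shown = path.replace("<", "").replace(">", "")
    body = f"<html><body>Not Found: {shown}</body></html>"
    return {"Content-Type": "text/html"}, body.encode("ascii")


def render_404_fixed(path: str):
    """Enforces the encoding with an explicit charset and HTML-escapes the value."""
    shown = html.escape(path)
    body = f"<html><body>Not Found: {shown}</body></html>"
    return {"Content-Type": "text/html; charset=UTF-8"}, body.encode("utf-8")


# --- Client side: a toy model of how a browser chooses the decoding.
def browser_decode(headers: dict, body: bytes) -> str:
    m = re.search(r"charset=([\w-]+)", headers.get("Content-Type", ""), re.I)
    if m:
        return body.decode(m.group(1))
    # No declared charset: emulate the sniffing that made the bug exploitable.
    # Assumption (simplified): an all-ASCII body containing a '+...-' shift
    # sequence is taken to be UTF-7.
    if body.isascii() and re.search(rb"\+[A-Za-z0-9+/]+-", body):
        return body.decode("utf-7")
    return body.decode("latin-1")


def script_tag_present(markup: str) -> bool:
    """True if the decoded markup contains a live <script> tag."""
    return re.search(r"<script\b", markup, re.I) is not None


# Constructed sample payload for the demonstration.
PAYLOAD = utf7_shift_angle_brackets("<script>alert(1)</script>")

if __name__ == "__main__":
    print("UTF-7 payload:", PAYLOAD)
    for name, handler in (("vulnerable", render_404_vulnerable),
                          ("fixed", render_404_fixed)):
        hdrs, body = handler("/" + PAYLOAD)
        rendered = browser_decode(hdrs, body)
        print(f"{name:10s} script tag executes: {script_tag_present(rendered)}")
```

The point the run shows is that the bracket-stripping filter passes the payload untouched because it contains no literal brackets; only the declared charset stops the browser from reinterpreting "+ADw-" as "<". The fixed handler does both things a real fix needs: it pins the encoding and it escapes the reflected value, so even a literal "<script>" in the path is rendered as text.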
In a statement e-mailed by a Google spokeswoman, the Mountain
View, Calif.-based company said it was alerted to the security vulnerabilities
"a little while ago" and fixed them quickly. No user data was compromised due to
the flaws, the statement said.