You Should Log Out of TweetDeck Right Now (Update: All Clear)

If you use TweetDeck for Chrome you should log out now. Turns out it has an XSS vulnerability that allows attackers to execute code remotely on your computer just by tweeting it out.

So far it appears to only affect the Chrome app We're getting reports of issues in the Chrome app, in the webapp on Firefox, and the Windows desktop client. For now it's mostly just being used to (annoyingly) spam popup windows, but there's potential to do some damage with this power, so you should close up shop until the problem's fixed.

We've reached out to Twitter for comment, and we'll update when the coast is clear.

Update: TweetDeck has given the all-clear, although you'll need to log out and then log back in to make sure everything's okay.

Update 2: We're having mixed results with the "log out and then log back in" fix, and still seeing a few pop-ups here and there on different machines. If you want to be safe, it's probably best to stay logged out for a big longer, especially if you run across any pop ups.

Update 3: Twitter is now apparently taking TweetDeck services all the way down to fix the issue.

Update 4: TweetDeck is back up and saying all is well (again). But again, we've still got some people here at the office having problems. It might pay to stay off for just a little while longer.