Google’s login pages began setting a cookie with a unique token on each user s browser. That same value is also embedded into the login form. If the two don t match, the user will be unable to log in. Google’s GMail and other services from CSRF (cross site request forgery) attacks are being targeted. Read the full article in The Register ve Dan Goodin has news about a belated but significant move by Google to protect its GMail.
Source: https://threatpost.com/google-moves-block-csrf-attacks-100509/72313/