UNIX firm HBX Networks stumbled across the flaw while working on a "hacker-friendly" shell service. By altering the "From" part of the address, HBX technicians found that HTML code from other messages was revealed within the "Reply-to" field.
"The result is a compromise of the privacy of communications over Gmail," HBX said in a statement on its website. "Many people rely on Gmail heavily, and many users are forced to communicate with Gmail users because of this resilience."
Much of the information exposed by the flaw is spam, but there are notable exceptions: one example detailed in HBX's report includes an account password.
"We are aware of the problem and we are looking into it," said a Google spokeswoman.
Late last month virus writers created the Santy worm, which used Google's search engine to find vulnerable websites. Earlier in December SC reported on how Google's desktop search engine could create security problems for customers using SSL VPNs.