Google’s PHP API client users have been warned to  watch out for phishing attacks while Google patches a cross-site scripting (XSS) vulnerability in the code. The bug, discovered by DefenseCode’s Leon Juranic using the company’s ThunderScan source code scanner, has been acknowledged by the Chocolate Factory (as a “nice catch”), and a fix is promised. …