Google closes persistent XSS holes in Gmail