Lot of sites report a security flow in Google Mail! It should be possible to redirect all your incoming e-mails to an external address. How? By using a malicious filter created without your approval!
Check out a good review of this issue: http://geekcondition.com/2008/11/23/gmail-security-flaw-proof-of-concept/.
Gnucitizen made an update on this specific attack today. Seems more XSS related.
http://www.gnucitizen.org/blog/gmail-security-flaw/
Noscript is your friend!
We have seen a similar attack in the past. Check out this post from 2007
http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/
Google did provide a countermeasure back then. It’s probably a new CSRF attack.