Securiteam has made an announcement that Gmail has an issue. I will quote:
GMail is vulnerable to CSRF attacks in the “Change Password” functionality. The only token for authenticating the user is a session cookie, and this cookie is sent automatically by the browser in every request.
An attacker can create a page that includes requests to the “Change password” functionality of GMail and modify the passwords of the users who, being authenticated, visit the page of the attacker.
The attack is facilitated since the “Change Password” request can be realized using the HTTP GET method instead of the POST method that is habitually used by the “Change Password” form.
[Via Securiteam]
One way to partially prevent this right now is to have Gmail always connect securely. Go into your Gmail settings and make sure it uses an HTTPS connection:
This is one way to mitigate the cookie attack, but it still needs to be fixed. Since it uses the HTTP GET method, it should use HTTPS as soon as you try accessing the site. Google needs to change to HTTPS GET instead to prevent this type of attack. If you have any other ideas for Google, just leave a comment.
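To make the advisory concrete from the defender's side, here is an added example (my own code, not Google's and not from Securiteam) of a change-password handler with only the session-cookie check next to the same handler with the usual CSRF defences: reject GET, require a per-session token the attacker's page cannot read, and check the Origin header when the browser sends one. The `SID` cookie name, the `mail.example` origin and the session store are assumptions; note that the browser attaches the cookie over HTTPS just as over HTTP, so it is the token check, not the transport, that blocks the forged request.

```python
import hmac
from dataclasses import dataclass, field

# Constructed server-side session store: session-cookie value -> session record.
# The CSRF token is minted per session and embedded in the genuine form.
SESSIONS = {"sess-abc": {"user": "alice", "csrf_token": "tok-constructed-1234"}}
SITE_ORIGIN = "https://mail.example"  # assumed origin that serves the form

@dataclass
class Request:
    method: str
    cookies: dict
    params: dict
    headers: dict = field(default_factory=dict)

def change_password_vulnerable(req: Request) -> int:
    """The flaw in the advisory: any HTTP method, the cookie is the only check."""
    if SESSIONS.get(req.cookies.get("SID")) is None:
        return 401
    return 200  # password would be changed here

def change_password_hardened(req: Request) -> int:
    """Same endpoint with CSRF defences layered on top of the session check."""
    sess = SESSIONS.get(req.cookies.get("SID"))
    if sess is None:
        return 401
    if req.method != "POST":  # state changes only via POST, never GET
        return 405
    # A page on another origin cannot read this token, so it cannot supply it.
    if not hmac.compare_digest(req.params.get("csrf_token", ""), sess["csrf_token"]):
        return 403
    # Extra layer: if the browser sent Origin, it must be our own site.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    return 200

def cross_site_request() -> Request:
    """Constructed: a GET the victim's browser sends from a third-party page, cookie attached."""
    return Request("GET", {"SID": "sess-abc"}, {"new_password": "x"}, {"Origin": "https://other.example"})

def legit_request(token: str = "tok-constructed-1234") -> Request:
    """Constructed: the genuine form submission from the site itself."""
    return Request("POST", {"SID": "sess-abc"},
                   {"new_password": "n3w", "csrf_token": token},
                   {"Origin": SITE_ORIGIN})
```

The vulnerable handler returns 200 for the cross-site GET; the hardened one returns 405 for it, 403 for a POST with a wrong token, and 200 only for the genuine form post.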