Google Inc. has fixed a flaw that would have allowed Web sites to harvest information from Gmail contact lists, a problem that could have let spammers collect reams of new e-mail addresses. For an attack to work, a user would have to log into a Gmail account and then visit a Web site that incorporates JavaScript code designed to take contact information from Gmail.