HTTPS has nothing to do with this CSRF vulnerability!
Guys, I keep reading about http vs https here.
That's completely off-topic.
While it's all good and mandatory using https for anything sensitive, like accessing your webmail, this GMail exploit uses CSRF, which works just fine over https.
An in-depth explanation of how it works, what should be done on the server side to fix it and what users can do to protect themselves is given in this article: http://hackademix.net/2007/09/26/gmail_csrf/