Critical vulnerability surfaces on Google Desktop

By on
Critical vulnerability surfaces on Google Desktop

Desktop search vulnerable to cross site scripting attack.

Security researchers with Watchfire have uncovered a vulnerability in the Google Desktop application that could allow an attacker to steal confidential information and potentially take over control of a system.

Google has released an update for its software that patches the vulnerability that relies on cross site scripting attack techniques.

An attacker could exploit the flaw through a specially crafted web link that contains JavaScript code. When a user clicks on the link, the code will be executed by the Google Desktop application, which then allows the attacker to perform searches on the infected computer where they could find password, social security numbers or other confidential information.

The security vulnerability is sparked by the fact that Google Desktop is linked to the Google.com service. Current generation anti-virus software furthermore doesn't protect against these attacks, Watchfire cautioned.

Online applications security is a hot topic. Security firm Acunetix released a study in which it claimed that corporate websites on average suffer from 66 security vulnerabilities in their online applications.

Copyright ©v3.co.uk
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?