Critical vulnerability surfaces on Google Desktop

By
Follow google news

Desktop search vulnerable to cross site scripting attack.

Critical vulnerability surfaces on Google Desktop
Security researchers with Watchfire have uncovered a vulnerability in the Google Desktop application that could allow an attacker to steal confidential information and potentially take over control of a system.

Google has released an update for its software that patches the vulnerability that relies on cross site scripting attack techniques.

An attacker could exploit the flaw through a specially crafted web link that contains JavaScript code. When a user clicks on the link, the code will be executed by the Google Desktop application, which then allows the attacker to perform searches on the infected computer where they could find password, social security numbers or other confidential information.

The security vulnerability is sparked by the fact that Google Desktop is linked to the Google.com service. Current generation anti-virus software furthermore doesn't protect against these attacks, Watchfire cautioned.

Online applications security is a hot topic. Security firm Acunetix released a study in which it claimed that corporate websites on average suffer from 66 security vulnerabilities in their online applications.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
criticaldesktopgoogleonsecuritysurfacesvulnerability

Sponsored Whitepapers

Build the Infrastructure for Your AI Revolution
Build the Infrastructure for Your AI Revolution
2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility

Events

Most Read Articles

Commercial spyware targeted Samsung Galaxy users for months

Commercial spyware targeted Samsung Galaxy users for months
Australia's AUKUS base to connect to subsea cables

Australia's AUKUS base to connect to subsea cables
Westpac factors post-quantum cryptography prep into "secure router" rollout

Westpac factors post-quantum cryptography prep into "secure router" rollout
The BoM has finally tamed SSL

The BoM has finally tamed SSL
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?