Critical vulnerability surfaces on Google Desktop

By
Follow google news

Desktop search vulnerable to cross site scripting attack.

Critical vulnerability surfaces on Google Desktop
Security researchers with Watchfire have uncovered a vulnerability in the Google Desktop application that could allow an attacker to steal confidential information and potentially take over control of a system.

Google has released an update for its software that patches the vulnerability that relies on cross site scripting attack techniques.

An attacker could exploit the flaw through a specially crafted web link that contains JavaScript code. When a user clicks on the link, the code will be executed by the Google Desktop application, which then allows the attacker to perform searches on the infected computer where they could find password, social security numbers or other confidential information.

The security vulnerability is sparked by the fact that Google Desktop is linked to the Google.com service. Current generation anti-virus software furthermore doesn't protect against these attacks, Watchfire cautioned.

Online applications security is a hot topic. Security firm Acunetix released a study in which it claimed that corporate websites on average suffer from 66 security vulnerabilities in their online applications.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
criticaldesktopgoogleonsecuritysurfacesvulnerability

Sponsored Whitepapers

The cloud tipping point
The cloud tipping point
How AI will deliver real business value
How AI will deliver real business value
The multicloud imperative
The multicloud imperative
Your multicloud advantage
Your multicloud advantage
The business value of Oracle Autonomous Database
The business value of Oracle Autonomous Database

Events

Most Read Articles

WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack
Services Australia may get powers to rein in data breach exposure

Services Australia may get powers to rein in data breach exposure
ASX outage caused by security software upgrade

ASX outage caused by security software upgrade
Apple, Google send new round of cyber threat notifications to users

Apple, Google send new round of cyber threat notifications to users
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?