What's New: Google Patches "Serious" Flaw in Desktop Search

Today Google has admitted a flaw in its Google Desktop Search program that could allow attackers to gain access to a PC and other PCs sharing Google Desktop data. Researchers at Watchfire detailed how an existing malicious program could use a "cross site scripting" flaw to inject content into visited web pages, or to redirect users to other (malware, fraudulent, or adware) web sites. One example was changing the version of the Google software to make it appear that the "fixed" version had already been installed, when it was not.

Security experts fear that users within a corporate network that have installed Google Desktop Search may inadvertently expose corporate data to outsiders. Google says users should automatically receive the update, but can also download version 5.0.701.30540 or later from Google.

Wednesday, Feb 21, 2007 07:10 pm CST

Tell a friend about this news item!

Return to the article list...