Google has issued a patch for a serious vulnerability involving Google Desktop that would have allowed attackers to steal personal information and possibly take control of a system remotely.
Researchers at Watchfire found the product was susceptible to cross-site scripting attacks that hijack the Google Web interface in order to jump from the Internet to the desktop Web environment. The attack works by getting users to click on a link that loads malicious JavaScript.
Google Desktop serves as a fast search mechanism for documents, e-mails, instant messaging transcripts, archived Web pages and other data on PCs. A Google executive once described it as "the photographic memory of your computer." An attacker with control of Google Desktop can search for virtually anything on the computer, including Office documents, e-mails, media files and Web history cache.
http://www.pcmag.com/article2/0,1895,2097308,00.asp
Linear Mode
