Critical Flaw in Google Desktop Repaired

The vulnerability wasn't exploited

By Bogdan Popa on February 21st, 2007 14:30 GMT
Google Desktop, the downloadable application that helps the company expand the power of the Google search engine into the offline area, was affected by a serious security flaw that can allow an attacker to take the control of an affected computer. It seems like the setup of the program was open to cross-site scripting attacks meant to provide the hacker with even more power to execute malicious files on the vulnerable system. After the exploitation of the vulnerability was started, the attacker was able to view all the files indexed by Google Desktop and other private information displayed by the product.

"Watchfire said it reported the security hole to Google on Jan. 4 and was assured Feb. 1 that the flaw had been fixed. Google spokesman Barry Schnitt said the desktop search software gets automatically updated, so users do not need to take any steps to protect themselves. While this particular avenue for data theft has been shut down, Watchfire contends that another one could emerge because Google maintains a link between desktop and Web data - a query on a computer with Google Desktop can show search results from both realms," Kentucky.com reported.

As you might know, Google Desktop is one of the most popular downloadable applications provided by the search giant that indexes all the files stored on a certain computer and helps users find them quick and easy. The program works really impressive because it is based on the technology used by the online search technology that indexes the information and then returns results very quickly from a linked database that stores all the files.

The publication reported that the flaw discovered in Google Desktop was repaired so users are now safe when the application is started without having to download the updated version of the program. As you might know, Google Desktop contains an auto-update feature so, if you still want to download the latest version of the program, you can find it on Softpedia.
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments