Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Google Toolbar Enhances Hack Attacks

Through the 'Add New Button' function

By Bogdan Popa, Security and Search Engines Editor

19th of December 2007, 10:58 GMT

Adjust text size:


Google Toolbar
Enlarge picture
Google Toolbar, that nice browser add-on produced by the Mountain View company, is one of the latest utilities able to enhance a hack attack and allow intruders deploy
malicious applications. Aviv Raff has recently found a way to exploit a Google Toolbar vulnerability, which could seriously harm users' computers. According to his blog post, the 'Add New Toolbar Button' is the one which enhances the entire exploitation, as a hacker could easily change the details displayed to the user. Now, let's take it step by step to understand how it works.

First of all, I think many of you have already used the 'Add New Button' function provided by Google Toolbar. As you know, there are two fields displayed in the installation windows, which show the location of the new button and some privacy considerations related to the way the new button works. This is the way an attacker could trick a user: he creates a fake link that may look like a legitimate one and attempt to install a file on the user computer through the new toolbar button.

"By creating a specially crafted URLs it is possible for an attacker to fake the domains displayed in the 'Downloaded from' and 'Privacy considerations' sections. This specially crafted URL can be created by simply adding an open redirector before the URL. An attacker can use this vulnerability to gain the victim's trust to add and use the button, and by that, the victim will trust the files that the button offer, or enter private information. In the new beta version of the toolbar it is also possible to alert the user every few seconds to click on the button", Aviv Raff explained.

Google has already been informed about the vulnerability, so it is currently working on a patch to correct the flaw. Until then, you're advised to avoid adding new toolbar buttons. Just to remain on the safe side…

TAGS:

 google | toolbar | hack | security


Rating:
Fair (2.8/5) 6 vote(s) so far    

Read by 540 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Yahoo Toolbar Updated

Google: Search The Internet without Typing

Google Distributes Malware Using The Deal with Dell

Google Toolbar for Firefox Updated!

Google Warns Us that T5 Is Here

Google Notebook Now Blogs and Annotates

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive