Researchers find Google Desktop vulnerability
Researchers from a leading web application firm said today they have uncovered a serious vulnerability in Google Desktop that could allow hackers to perform searches on a victim's computer and discover sensitive files.
"Because of the integration between Google.com and Google Desktop, that is the way the malicious individual navigates onto [a victim’s] computer," Allan said. "To the victim, it’s a click."
Once the victim’s machine is compromised, an attacker can remotely perform searches and disable default settings, allowing him access to password-protected documents and archived secure websites, he said. Also, the malicious individual can force the victim to execute certain programs.
"The outcome of this is very serious," Allan said. "The ongoing danger is that more and more applications have very powerful features like this and increasingly allow integration between the local computer and the internet."
Google said it was not aware of any users being affected by the vulnerability, according to Allan. A Google spokesman could not immediately be reached for comment today.
Allan said the bug emphasises the need for developers to build more secure applications and for anti-virus vendors to create solutions that defend against such attacks.