Home >> IT Workplace >> Knowledge Management

Google issues patch for desktop vulnerability

By: Robert McMillan On: 21 Feb 2007 For: IDG News Service (San Francisco Bureau) Creator

Security researchers have discovered a serious flaw in Google Inc.'s desktop software that could be used to wreak havoc on a victim's computer.

COMMENT ON THIS ARTICLE

Security researchers have discovered a serious flaw in Google Inc.'s desktop software that could be used to wreak havoc on a victim's computer.

The bug, which was made public Wednesday by Watchfire Corp., has now been fixed. While Google is automatically delivering a patch, Google Desktop users who want to be sure they are running the latest version of the software can download it here. Users should be running version 5.0.701.30540 or later, said Google Spokesman Barry Schnitt, via e-mail.

Google was first notified of the problem on Jan. 4, and produced its fix on Feb. 1, a Watchfire spokesman said Wednesday.

In addition to its bug fix, Google has added, "another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future," Schnitt said. "We have received no reports that this vulnerability was exploited," he added.

Watchfire's research underscores the danger of integrating Web-based applications with the desktop, the company said in a white paper, published Wednesday.

The flaw lies in a search parameter used by Google Desktop's Advanced Search feature, which could be used to execute malicious JavaScript code, according to Watchfire.

For this attack to work, the criminal would have to first go through a number of steps, including hacking Google.com to find a cross site scripting vulnerability on the Web site -- something that has been done several times in the past year, according to Watchfire.

If successful, however, the attack would be devastating. A criminal could search for anything on the computer or even take over the victim's computer by tricking Google desktop into running malicious software stored on another computer, Watchfire claims.

COMMENT ON THIS ARTICLE

Sign up for our Newsletters

Tags: vulnerabilities, Web site, Watchfire claims

Close X

Your Name:

Your E-mail:

Friend's Name:

Friend's E-mail:

Close X

| Views: 596 | Rating:

(0 votes)

Rate this article on a scale of
1 to 5 stars,5 being the best.

Close X

Page 1

Quick Access

Video Conferencing Cloud Computing Resource Centre CIO Canada's Brainstorm Centre CIO Canada Debate

Robert McMillan is a contributor to the International Data Group (IDG) News Service, which publishes global technology stories from bureaus around the world to more than 300 publications in more than 60 countries.

Comments (0)

No Comments!

Name: (required) eMail: (optional)

Your email address will not appear online and will be used only if the editor wishes to contact you personally for additional comments.

Related White Papers

Smart Work for a smarter planet - To work smarter, we’ll need smarter organizations – enhancing and benefiting from their people’s expertise, enterprise and creativity, rather than inhibiting them. Transforming the collaborative infrastructure and processes of our places of work will enable knowledge workers to take advantage of the full scope of an instrumented, interconnected and intelligent planet. And the good news is that many organizations around the world are showing the way. The Smart Work continuum depicts how we’ve changed as we increasingly embrace change.

Cisco Unified Computing System, Citrix XenDesktop, and Atlantis ILIO - The Cisco UCS and Atlantis ILIO VDI reference architecture unites the compute, network, virtualization, storage optimization components of a VDI deployment into a cohesive and modular system designed to reduce total cost of ownership (TCO), deliver sustained desktop performance comparable to a physical PC and scale to an unlimited number of desktops without requiring large investment in additional network or storage infrastructure.

Unleashing Seize innovation, accelerate business, drive outcomes. All through the cloud - Cisco's vision of the cloud is one that sees the network as the platform to enable business agility, adaptive IT service delivery and innovation.

Secure Remote Access for the Distributed Business - It's a constant challenge to provide remote users, or teleworkers, with convenient access to enterprise information resources. This challenge can become a problem when teleworkers need remote access from almost anywhere, including a growing number of temporary work locations like airport Internet kiosks, WiFi hot spots, and even computers of friends and relatives. At the same time, enterprise information resources must be protected from attack from those same remote locations.

Storage Federation - IT Without Limits - Storage federation can provide greater scalability, efficiency and reliability than storage virtualization without added complexity. Learn more about storage federation and HP’s Peer Motion software solution.

more: White Papers

CIO Canada	ComputerWorld Canada	Network World Canada	Computer Dealer News	Direction Informatique	IT Business.ca
Click Here to Subscribe Now!

IT World Canada Curated
	Job and Career Resources • Canadian IT Jobs • IT Sales Jobs • Salary Calculator • Tech Learning Space	Knowledge Services • CDN ProFIT - Turnkey Marketing solutions • Visability • Knowledge Store
Subscribe Now- Register

Log In

Google issues patch for desktop vulnerability

Security researchers have discovered a serious flaw in Google Inc.'s desktop software that could be used to wreak havoc on a victim's computer.

Quick Access

Related Content

Comments (0)

Related Videos

Most Popular

Related White Papers

Email
Password