silicon-valley-sleuth

a blog from

Google Desktop falls victim to XSS flaw

  • Tweet this

Online attackers can gain access to the Google Desktop application through a cross site scripting attack, researchers at Watchfire have discovered.

Sidebar We've seen cross site scripting vulnerabilities before, but this one is amazingly easy to demonstrate on your home or office computer, provided that you are running Google Desktop and haven't just updated it.

Curious? Go to your Google Desktop search page and type in the following:

22 Feb 2007

under:<script>alert(This is all it takes)</script>

Once you enter that instruction, an alert box will pop up with the text "This is all it takes" inside. Displaying an alert box might not be anything serious, but that attacker can also insert more harmful commands that can expose confidential information, or worse.

Now go to Google and download the latest Google Desktop update.

Googleleak

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Recent posts

Related articles

Browse posts by date

Cal_navigation_previousJanuary 2012Cal_navigation_next
MonTueWedThuFriSatSun
       
1
       
2345678
       
9101112131415
       
161718202122
       
23242526272829
       
3031
To send to more than one email address, simply separate each address with a comma.