Security experts have uncovered a vulnerability in Google Desktop which could enable a malicious hacker to achieve remote access to sensitive data and, in some conditions, full system control.
Web application security firm Watchfire claims to have uncovered a vulnerability which highlights the danger of integration between desktop and web-based applications.
The flaw could allow an attacker to escalate privileges by crossing from the web environment to the desktop application environment.
The vulnerability centres on integration between the Google.com site and Google Desktop, and Google Desktop's failure properly to encode output containing malicious or unexpected characters, the security firm said.
An attacker could evade current information protection systems, such as antivirus software and firewalls, allowing them to covertly hijack sensitive local information.
Google has issued a patch which mitigates the immediate risk of the attack, Watchfire said.
"Application security vulnerabilities need to be taken seriously," said Michael Weider, founder and chief technology officer at Watchfire.
"As the potential damage of a cross-site scripting attack against a desktop application with a web interface is enormous, web application security must be comprehensively evaluated and continually monitored.
"Industry leaders like Google continue to make strides in security but vulnerabilities can surface due to the dynamic nature of applications."
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago