Google has released an update for the software to patch the vulnerability, which relies on cross-site scripting techniques.
When a user clicks on the link, the code is executed by the Google Desktop application, which then allows the attacker to perform searches on the infected computer.
This could lead to exposed passwords, social security numbers or other confidential information.
The vulnerability is caused by the fact that Google Desktop is linked to the Google.com service.
Watchfire also warned that current antivirus software does not protect against such attacks.
Online application security is a hot topic in the security industry. Acunetix released a study last week in which it claimed that corporate websites contain an average of 66 security vulnerabilities in their online applications.
- A video demonstration of the Google Desktop flaw is available on the Watchfire website
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago