We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google Desktop exposed by serious bug

Patch now available for security hole

Security researchers have discovered a serious flaw in Google Desktop that could be used to wreak havoc on a victim's computer.

The bug, which was made public by Watchfire, has now been fixed. While Google is automatically delivering a patch, Google Desktop users who want to be sure they are running the latest version of the software can download it here. Users should be running version 5.0.701.30540 or later, said Google Spokesman Barry Schnitt.

Google was first notified of the problem on 4 January, and produced its fix on 1 February, a Watchfire spokesman said.

In addition to its bug fix, Google has added, "another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future," Schnitt said. "We have received no reports that this vulnerability was exploited," he added.

Watchfire's research underscores the danger of integrating web-based applications with the desktop, the company said in a white paper.

The flaw lies in a search parameter used by Google Desktop's Advanced Search feature, which could be used to execute malicious JavaScript code, according to Watchfire.

For this attack to work, the criminal would have to first go through a number of steps, including hacking Google.com to find a cross site scripting vulnerability on the website - something that has been done several times in the past year, according to Watchfire.

If successful, however, the attack would be devastating. A criminal could search for anything on the computer or even take over the victim's computer by tricking Google desktop into running malicious software stored on another computer, Watchfire claims.


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model