Google patches 'deadly' for Desktop Search
New security errors detected in the Google Desktop application may
New security flaws discovered in Google Desktop applications can "open" PCs for hackers to break in and steal data on users' PCs.
As soon as the warning report and video clearly show how to exploit the above errors posted by Internet security firm Watchfire, Google almost immediately released the patch.
Among the security flaws discovered by Watchfire there is a XSS (cross-site scripting) error that could be exploited by hackers to steal data on PC systems that make mistakes.
Google Desktop uses the same search technology as Google's web search engine. The tool allows users to search and index data on personal computers and shared networks. These data can be temporarily stored on Google's servers.
Watchfire's security research director Danny Allan said hackers could take advantage of XSS bugs to hijack Google Desktop features for their own purposes.
To attack Google Desktop hackers use JavaScript instead of using binary code as in the way of attacking other PC software. With this method of exploiting, hackers can remotely occupy the entire control over the system that makes mistakes. They can get all data from passwords, bank account information to users' web access history .
" We quickly released an update to fix the above security flaws. Users do not need to download the above updates. They are automatically delivered through the auto update feature. Google Desktop , "Google affirmed. " We will continue to check every other Google Desktop version. If it detects an error, it will fully fix it to protect users ."
Google recommends that users should quickly upgrade to the latest version of Google Desktop.
Both Google and Watchfire have confirmed that there has not been any record of user attacks through taking advantage of the newly discovered security flaw.
Error in the roots
Allan's director of security research insists that Google Desktop still has XSS errors. The reason is not that Google has not patched but in the software architecture that links the Google web server and the Google Desktop application on the user's PC.
" Yes, the security flaws just discovered have been fixed. But we want to recommend that Google remove the link between Google.com and the user's PC. Removing this link will eliminate the threat of hackers. It is best to allow users to choose whether or not to connect to Google's web server , "Allan warns.
Thanks to this link, Google Desktop appears as a tag next to other tags like Images or News on the Google homepage if the user has installed the application. This feature allows users to quickly and conveniently switch between Google Desktop and Internet search.
" The catastrophe is likely to occur if another security error is detected in the Google Desktop application ," Allan warned.
Hoang Dung
- Is Google Desktop 2.0 really attractive?
- Google Desktop escapes beta life
- Google upgrade Desktop Search
- Attack on IE via Google Desktop Search
- The hidden search engines of Google you don't know
- New Google Desktop: Crunch the remote computer
- Google shares control of the search engine
- Should not use Google Desktop?
- Some useful uses of Google search pages
- Google Desktop vulnerability before the new attack
What is the Snapdragon SiP chip? How to create a yellow circle around the mouse cursor on Windows Edit the Boot.ini file in Windows XP 3 ways to restart the remote computer via the Internet Vietnam computer market: Looking back a year How to restore deleted applications on Android How to increase the capacity of C drive on Windows 10, 8, 7 ... 8 security features of Windows operating system