Google patches desktop search flaw

Posted by Humphrey Cheung

Mountain View (CA) - Google has patched a vulnerability in its Google Desktop Search. The vulnerability was discovered by researchers at the Watchfire computer security company and could have allowed hackers to remotely hijack sensitive information or even take complete control of a machine. Watchfire has released a whitepaper and detailed video instructions on how to execute a successful attack. 

Google Desktop Search is a extra downloadable tool that scours your hard-drive for information and you can think of it as a miniature Google just for your computer. Email contents, Word documents and even your hard-drive can be searched. It's this hard-drive search that is at the heart of the vulnerability.

Users of Desktop Search can look through hard-drive directories with the "under:" parameter. For example, if you wanted to look in your World of Warcraft folder, you would type under:"c:\world of warcraft". Watchfire says the under: parameter can be remotely exploited to run a malicious JavaScript program which could bypass firewalls and anti-virus filters.

Google Desktop Search automatically updates through the Internet and Google issued a patch a few weeks ago. Google believes that no computers were actually compromised through this vulnerability.