Wed, Dec 19 2007 17:57
Google Toolbar flaw opens door for attackers
Google Inc. said Tuesday that it is working to fix a bug in its Google Toolbar software that could enable cybercriminals to steal data or install malicious software on systems.
The flaw lies in the mechanism for adding custom buttons to the tool bar, according to a blog posting by security researcher Aviv Raff, who issued the first warning about the problem.
Because the tool bar doesn't perform adequate checks when new
buttons are being installed, an attacker could spoof the origin of a
button and make it appear to be coming from a legitimate Web site, Raff
wrote. He added that the attacker then could download malicious files
or launch phishing attacks against users who install the button on
their tool bars.
Full Story at computerworld.com
Filed under: Alerts