Wed, Dec 19 2007 17:57 Don

Google Toolbar flaw opens door for attackers

Google Inc. said Tuesday that it is working to fix a bug in its Google Toolbar software that could enable cybercriminals to steal data or install malicious software on systems.

The flaw lies in the mechanism for adding custom buttons to the tool bar, according to a blog posting by security researcher Aviv Raff, who issued the first warning about the problem.

Because the tool bar doesn't perform adequate checks when new buttons are being installed, an attacker could spoof the origin of a button and make it appear to be coming from a legitimate Web site, Raff wrote. He added that the attacker then could download malicious files or launch phishing attacks against users who install the button on their tool bars.

Full Story at computerworld.com 

 

Filed under: