Researchers have uncovered a new vulnerability in Google Desktop that has the potential to allow attackers to launch previously installed malicious software.
This vulnerability in Google Desktop is just proof-of-concept as of now, however it also highlights security concerns surrounding the growing number of Web-based applications.
According to Robert Hansen, CEO of Internet security firm Sectheory.com, said that this latest Google Desktop vulnerability makes use of a “man-in-the-middle” assault where a malicious hacker steps between a user and Google’s server.
Hansen had posted the proof-of-concept on Ha.ckers.org, where he is a regular contributor.
“It could be done as a prank or something malicious,” Hansen said at the Ha.ckers.org site. “The point being these types of deep integration between the web and client side applications is really dangerous and breaks the security models put in place by the browsers.”
If the attack happens to be a successful one, the hackers would then present victims Web pages that in reality run malicious software.
Google has its own security theme, and will well be looking at this problem even as you read this.