Since last week, two Google Desktop vulnerabilities have been reported. According to  InfoWorld, these vulnerabilities allow attacks on multiple PCs linked by the application by the means of cross site scripting (XSS). Google claims to have fixed the earlier vulnerability, but there is no news as to when the current vulnerability will be fixed. Because of this, caution should be used when using Google Desktop until a fix is available.

Excerpts from the InfoWorld Article:

"This attack is almost undetectable, it won’t get picked up by any anti-virus system or firewall, and it can be used in a lot of different ways to harm end users," said the director of security research at Watchfire, Danny Allen.

"It allows someone using the attack to control all the applications on a computer or access the network to which an affected machine is attached, and it is almost impossible to get rid of." "All of the data on a Google desktop can now be siphoned off to an attacker’s machine," he (Robert Hansen) said.

"A lot of these new attack techniques are going to require the browsers to improve," Grossman said. "The users really have very little ability to protect themselves against these attacks" he said. "It’s very bad. Even the experts are afraid to click on each other’s links anymore."

Technorati Tags: Google Desktop, Security Vulnerability, Just, Another, Mobile, Monday