Google Toolbar Security Warning
As many of the readers of Search Engine Journal (including myself) probably have the Google Toolbar installed on your machines, we thought that this warning is quite relevant. The Google Toolbar apparently has a security hole which has been posted on SecurityTracker.com.
It is reported that the ‘About’ section of the Google Toolbar does not properly filter HTML code. A user can create HTML that, when loaded by the target user, will invoke the About page and execute arbitrary scripting code in the context of the page.
Impact: A user can cause scripting code to be executed in the Local Computer security zone.
Solution: No solution was available at the time of this entry.
There has been no security patch issued by Google at the time of press. This may not be a big flaw, but I think that SELowdown’s Andy Beal puts it best ” Google’s toolbar has always worried privacy advocates that perhaps they were collecting too much information. They’re going to freak when the see this security lapse.”
Let’s not blow this out of proportion. This is a “proof of concept” flaw that can only be injected via the Local Compter Zone. It cannot be injected by a remote user or website via the the Internet Zone.
If I had access to your computer locally (sitting down in front of it) in able to do some nasty thing to it, believe me, I would not be there to exploit your Googlebar. ;-)