Google toolbar exposes PCs to attack
Published: 09 Aug 2002 11:26 BST
An Israeli security firm has discovered a security vulnerability in Google's Internet Explorer toolbar that could allow an attacker to run malicious code on a user's PC, read private files, and carry out other intrusions.
According to GreyMagic Software, a flaw in the Google Toolbar version 1.1.58 and earlier allows an attacker to embed code in any Web page that fools the toolbar into executing the attacker's commands. These commands can include altering the toolbar's parameters, which allows the attacker to hijack searches, alter the appearance of the toolbar or uninstall it completely. It also, more dangerously, allows the attacker to execute code on the user's PC.
Google issued a new version of the toolbar fixing the problem, via its automatic update feature, on Wednesday. As of Friday, the current version of the toolbar is 1.1.60.
GreyMagic's exploits centre around the fact that the toolbar uses simple URLs to control the software's features or execute scripts. Changes to the toolbar settings are made via a URL such as "http://toolbar.google.com/command?(changes here)", and scripts can be executed at "http://toolbar.google.com/command?script=(any script)".
The toolbar only allows changes to take place if the document being viewed in the browser is in the google.com domain, or is viewing any location using a special "resource" protocol, meant for accessing system resources on the local computer. (Resource protocol addresses take the form "res://(address)".)
However, GreyMagic demonstrated that this restriction could be easily circumvented by opening a "res://" or google.com page, and then using a script to change the URL to the desired malicious address.
All a Google Toolbar user would have to do would be to visit a particular URL -- which could be distributed through an email, for example -- and a script embedded in the page could read files on the user's hard disk, alter the configuration of the toolbar to hijack searches or execute malicious commands. Since the commands can be executed in the "My Computer" security zone, they do not have many restrictions.
GreyMagic said that several demonstrations of such exploits are available on its Web site.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
50 out of 113 people found this useful
- Share this article:
Full Talkback thread
2 comments
-
I don't know who to turn to because the company I... Ravenna Lea Coleman -
First thing.. if running XP turn off the syst... Simon Downes
