Google has modified its Google Desktop search tool to
prevent users’ PCs from being attacked by hackers using a
vulnerability in Microsoft’s Internet Explorer
browser.
Microsoft was considering whether to issue a patch or advisory
on the potential problem after it was publicised last week by an
Israeli internet security expert.
Matan Gillon said he had found a way to steal a user’s desktop
information when Internet Explorer was used to access Google’s
desktop search service. The problem did not affect any other
browser, he said. Any stolen information could have been used by
thieves to commit fraud.
Google said it had now made an adjustment in the way its service
worked with Internet Explorer, closing the potential opening to
users’ data.
The bug was related to the way the browser processes web page
layout information using the CSS (Cascading Style Sheets)
format.
The CSS format is widely used to improve the way websites look
and feel, but attackers could take advantage of the way IE
processes CSS data to steal information.
To fall victim to the flaw, attackers first had to get internet
users to visit a malicious website, used to harvest the user’s
desktop data.
Users could have prevented such attacks by turning off
JavaScript in their browsers. JavaScript is used by website
developers to make their sites more attractive. Despite Google’s
move, Microsoft is still considering issuing its own security
update.