Google patches holes in Toolbar

A series of security holes in the Google Toolbar, an application offered by the popular search engine that adds easily accessible...

A series of security holes in the Google Toolbar, an application offered by the popular search engine that adds easily accessible search features to Web browsers, could allow an attacker to read files, reroute searches and execute scripts on an affected PC, according to a security alert released yesterday by GreyMagic Software.

GreyMagic identified a total of nine vulnerabilities ranging from minor - a Web site operator being able to tell what keys a user is pressing in the Google search field - to serious - the scripting vulnerability.

The flaws were all patched by Google's automatic update to the toolbar, released on Wednesday, meaning that many Google Toolbar users should already be protected against the holes, GreyMagic said.

GreyMagic found the vulnerabilities in version 1.1.58 of the toolbar. Google is already distributing versions 1.1.59 and 1.1.60, which should fix the problems.

Among the less serious flaws found is the search bar keylogging described above, enabling the "Page Rank" and "Category" features that could reveal user information, clearing the toolbar's history or even uninstalling the application.

More seriously, by using a specific Uniform Resource Locator (URL), attackers could reroute searches through their own Web sites, allowing them to log information about users, the security group said.

By using other URLs containing scripts, an attacker can read files on the affected PC or execute scripts in the same security context that Web pages are viewed.

Users can check to see what version of the Google Toolbar they are running by clicking on the Google logo in the Toolbar and selecting "About Google Toolbar".

The Google Toolbar can be downloaded from



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Operating systems software



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...