Google has modified its Google Desktop search tool to prevent users’ PCs from being attacked by hackers using a...
vulnerability in Microsoft’s Internet Explorer browser.
Microsoft was considering whether to issue a patch or advisory on the potential problem after it was publicised last week by an Israeli internet security expert.
Matan Gillon said he had found a way to steal a user’s desktop information when Internet Explorer was used to access Google’s desktop search service. The problem did not affect any other browser, he said. Any stolen information could have been used by thieves to commit fraud.
Google said it had now made an adjustment in the way its service worked with Internet Explorer, closing the potential opening to users’ data.
The bug was related to the way the browser processes web page layout information using the CSS (Cascading Style Sheets) format.
The CSS format is widely used to improve the way websites look and feel, but attackers could take advantage of the way IE processes CSS data to steal information.
To fall victim to the flaw, attackers first had to get internet users to visit a malicious website, used to harvest the user’s desktop data.