Seemingly innocent widgets (or gadgets) are exposing computer users to a whole host of attacks.
Widgets add functions to websites and applications, but can also contain code that is vulnerable to exploits by hackers and criminals.
Security software firm Finjan's research suggests that new attacks that exploit the insecurities of widgets are imminent, and that a revised security model should be explored in order to keep users protected from such attacks.
All types of widget environments - OS, third party applications and web widgets - were found by Finjan to be plagued with inadequate security models that allowed malicious widgets to run.
In addition, Finjan has found vulnerable widgets that were already available - some in the default installation - in the widget environment. These findings have already prompted Microsoft and Yahoo to issue security advisories and patches to address security issues, said Finjan.