Google Spokesperson, Sonya Boralv, has told News.com that Google has just learned about and is looking into a possible flaw with Internet Explorer that lets unknowing users of both IE and Google Desktop to have information stolen from their database of content. The bug was first reported by Matan Gillon, a researcher in Israel.
A security expert quoted in the story said that the bug looks is an IE/MS issue and not one for Google.
From the article: “This design flaw in IE allows an attacker to retrieve private user data or execute operations on the user’s behalf on remote domains,” Gillon wrote in his description of the attack method. He crafted a Web page that–when viewed in IE on a computer with Google Desktop installed–uses the search tool and returns results for the query “password.” To exploit the flaw, an attacker has to lure a victim to a malicious Web page. “Thousands of Web sites can be exploited, and there isn’t a simple solution against this attack, at least until IE is fixed,” Gillon wrote.
Microsoft is also investigating the issue.
More in the article: IE flaw lets intruders into Google Desktop.
Postscript from Google Spokesperson:
“Google takes the security of its users very seriously. We just learned of this issue and are looking into it.”