An Israeli security expert named Matan Gillon has recently discovered a method for stealing information using Google Desktop Search through an unpatched security vulnerability in Internet Explorer.
The security flaw lies in how Internet Explorer manages CSS (Cascading Style Sheets) operations. CSS is a method for layering web pages when multiple sites are opened in a browser.
Matan Gillon stated that this vulnerability in Internet Explorer allows attackers to steal personal information from users and potentially inject malware into the system. Interestingly, the Google Desktop tool, which is typically very user-friendly with Internet Explorer, has become a means to exploit this security flaw.
For skilled hackers, a simple approach to Windows computers with Google Desktop installed could yield significant passwords from the victim’s machine. Additionally, this security vulnerability also facilitates hackers in tricking users into accessing malicious websites to compromise their systems.
Microsoft is actively investigating this unusual combination and acknowledges that this security flaw has affected numerous individual websites, especially those requiring users to input usernames and passwords. Microsoft has not yet definitively determined whether this vulnerability can be exploited to deploy malware, but some experts have confirmed that this is entirely possible.
Sonya Boralv, a spokesperson for Google, stated that Google is also actively investigating this issue.
Security expert Tom Ferris noted that this vulnerability is similar to other security flaws found in Internet Explorer, but Gillon’s ingenuity lies in his ability to identify how Google Desktop can be used to steal data files.
Gillon mentioned that this security flaw does not exist in browsers like Firefox and Opera. He advised users to switch to a different browser or disable the JavaScript feature in Internet Explorer to mitigate the aforementioned security vulnerability.