Aranzulla has published details about the new vulnerability on his web site, where he includes some example exploits (in Italian). He claims that inexperienced users may be susceptible to phishing attacks like these, while more experienced users may become suspicious because of the long URLs typically involved in exploiting cross-site scripting vulnerabilities.
It is not clear whether Aranzulla notified Google before making his discovery public. As we previously reported, Jim Ley experienced difficulties when he tried to notify Google about a similar exploit he discovered more than two years ago. Conversely, a different vulnerability discovered by Netcraft last week was closed within two days of being reported to Google.
The Google Desktop application is currently offered as a beta service. The tool allows you to use Google's familiar interface to find your email, files, web history and chats instantly. This level of power has raised some privacy concerns among users, particularly in light of the recent discoveries of vulnerabilities and the way in which it indexes files on shared PCs.