Google Blogoscoped


Google Toolbar dialog spoofing vulnerability

Juha-Matti Laurio [PersonRank 10]

Wednesday, December 19, 2007
13 years ago2,103 views

This is how the author Aviv Raff describes the new vulnerability in Google Toolbar:

"Google Toolbar allows spoofing the information presented in the dialog which is being displayed when adding a new Google Toolbar button. This can allow an attacker to convince the users that his button comes from a trusted domain. This button can then be used to download malicious files or conduct phishing attacks (e.g. show a login form of a bank)."

Report with several screenshots is available at ...

There is no fix available, but the good news are here:
Google have acknowledged this and are already working on a fix.
Until a fixed version is provided, he suggests to avoid adding new buttons to the toolbar.

Juha-Matti Laurio [PersonRank 10]

13 years ago #

This was covered at eWEEK magazine too:,1895,2236 ...

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home


Blog  |  Forum     more >> Archive | Feed | Google's blogs | About


This site unofficially covers Google™ and more with some rights reserved. Join our forum!