Google Blogoscoped

Forum

Google Toolbar dialog spoofing vulnerability

Juha-Matti Laurio [PersonRank 10]

Wednesday, December 19, 2007
13 years ago2,103 views

This is how the author Aviv Raff describes the new vulnerability in Google Toolbar:

"Google Toolbar allows spoofing the information presented in the dialog which is being displayed when adding a new Google Toolbar button. This can allow an attacker to convince the users that his button comes from a trusted domain. This button can then be used to download malicious files or conduct phishing attacks (e.g. show a login form of a bank)."

Report with several screenshots is available at
aviv.raffon.net/2007/12/18/Goo ...

There is no fix available, but the good news are here:
Google have acknowledged this and are already working on a fix.
Until a fixed version is provided, he suggests to avoid adding new buttons to the toolbar.

Juha-Matti Laurio [PersonRank 10]

13 years ago #

This was covered at eWEEK magazine too:
eweek.com/article2/0,1895,2236 ...

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!