Security researchers have discovered a serious flaw in Google’s desktop software that could be used to wreak havoc on a victim’s computer.The bug, which was made public Wednesday by Watchfire, has now been fixed. While Google is automatically delivering a patch, Google Desktop users who want to be sure they are running the latest version of the software can download it here. Users should be running version 5.0.701.30540 or later, said Google spokesman Barry Schnitt via e-mail.Google was first notified of the problem on Jan. 4, and produced its fix on Feb. 1, a Watchfire spokesman said Wednesday. SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe Google Screenshot In addition to its bug fix, Google has added “another layer of security checks to the latest version of Google Desktop to protect users from similar vulnerabilities in the future,” Schnitt said. “We have received no reports that this vulnerability was exploited,” he added. Watchfire’s research underscores the danger of integrating Web-based applications with the desktop, the company said in a white paper, published Wednesday.The flaw lies in a search parameter used by Google Desktop’s Advanced Search feature, which could be used to execute malicious JavaScript code, according to Watchfire. For this attack to work, the criminal would have to first go through a number of steps, including hacking Google.com to find a cross-site scripting vulnerability on the website—something that has been done several times in the past year, according to Watchfire.If successful, however, the attack would be devastating. A criminal could search for anything on the computer or even take over the victim’s computer by tricking Google desktop into running malicious software stored on another computer, Watchfire claims.-Robert McMillan, IDG News Service (San Francisco Bureau)Check out our CIO News Alerts and Tech Informer pages for more updated news coverage. Related content brandpost A new solution offers fresh air—not as a dream, but a service Believing that everyone should have clean air, heating, ventilation, and air conditioning, (HVAC) company ActoVent built a solution accurately monitoring indoor air quality and ensuring that only purified air circulates. By Keith E. Greenberg, SAP Contributor Oct 03, 2023 5 mins Digital Transformation opinion Why all IT talent should be irreplaceable Forget the conventional wisdom about firing irreplaceable employees. Because if your employees aren’t irreplaceable, you’re doing something wrong. By Bob Lewis Oct 03, 2023 5 mins Hiring IT Skills Staff Management case study ConocoPhillips goes global with digital twins Initial forays into using digital twins across its major fields has inspired the multinational hydrocarbon exploration and production company to further adopt the technology across its entire portfolio. By Thor Olavsrud Oct 03, 2023 8 mins CIO Mining, Oil, and Gas Digital Transformation brandpost ST Engineering showcases applications of new technologies to stay ahead of disruption By Jane Chan Oct 03, 2023 7 mins Generative AI Digital Transformation Innovation Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe