Security Alert: Google Desktop XSS Flaw

A cross-site scripting (XSS) vulnerability has been found in the Google Desktop application. The flaw, first discovered in October 2006, enables an attacker to search for and steal data from a user's system.

Google released an updated version of the Google Desktop client that fixes the flaw earlier this month. If you use Google Desktop, make sure you are running the latest version, 5.0.701.30540. The latest version of Google Desktop can be downloaded from the Google Desktop site, http://desktop.google.com/.

For more details on the vulnerability, please see http://www.securityfocus.com/news/11443.

You have been warned.