Critical flaw in Google Desktop Product fixed

Late last year the security-analysis provider Watchfire Corp. found a flaw in the worldwidespread Google Desktop Search product that left personal files on the PC open to cross-site scripting attacks.

This vulnerability exists in roughly 80 percent of Web applications but this problem is far more extreme "given the sensitive nature of what Google Desktop is doing," said Danny Allan, a researcher at Waltham, Mass.-based Watchfire.

However, there is no evidence this vulnerability was exploited. Google managed to fixed the flaw within weeks of being informed.