- slide 1 of 7
Google Toolbar is a browser toolbar for Internet Explorer and Mozilla Firefox. You can download it from Google for free and install to your browser. Once installed it resides above the tab bar of the browser and provide a search box for performing web searches. It also includes several features that are quite useful for both novice and advanced Internet users. AutoLink, AutoFill, translation, and spell checker are some of them. Although there are controversies about vulnerabilities of the Google Toolbar, it is a handy tool that saves a lot of time when surfing the Internet.
- slide 2 of 7
Google Toolbar Vulnerabilities
There have long been talks about vulnerabilities in Google Toolbar. An earlier had security flaws in its “About” page. Also there were chances that an attacker could read files on an affected computer or execute scripts. In the latest versions these issues have been fixed. Still there are concerns about privacy.
- slide 3 of 7
Google Toolbar - Custom Button Spoofing Vulnerability
The custom button spoofing vulnerability was another of the early security issue in Google Toolbar. Affected versions were Google Toolbar 5 beta for Internet Explorer, Google Toolbar 4 for Internet Explorer, and Google Toolbar 4 for Firefox (partially). The weakness is also confirmed in version 4.0.1601.4987 for Internet Explorer. In this case an attacker may install malicious software or conduct phishing attacks by asking the user to install a new button for Google Toolbar. However, Google considers this as non-critical, due to the fact that it involves several steps before a user get infected.
- slide 4 of 7
Security Issues in ‘About’ Section
It is reported that the ‘About’ section of the Google Toolbar doesn’t properly filter HTML code. This was first reported in 2004. When the user loaded the HTML that was created by the attacker, it will invoke the ‘About’ page in Google Toolbar. Then it executes arbitrary scripting code in the context of the page. The risk is a user can execute a scripting code within the Local Computer security zone.
- slide 5 of 7
Google Toolbar and Firefox Security Vulnerability
Today many users surf Internet using Firefox. Therefore this browser has been a popular subject for hackers. Vulnerability has been detected related to Firefox extensions when the user goes to upgrade add-ons. This issue is detected in Firefox extensions such as Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, and AOL Toolbar, etc.
An attacker can silently install malicious software onto computers via an upgrade mechanism in these Firefox extensions. The only way to secure the upgrade path and their updates is to use SSL technology. That means use only sites with https:// instead of http:// when upgrading those extensions.
- slide 6 of 7
- slide 7 of 7
Fixing Google Toolbar Vulnerabilities
Probably the best way to face the vulnerabilities of Google Toolbar is to make sure that you have installed the latest version of Google Toolbar. Most of the above security flaws have been fixed by Google, introducing fixed and newer versions with lesser susceptibility to vulnerabilities. Also it is highly advised to use the latest versions of Internet Explorer and/or Mozilla Firefox whenever possible. Updating your operating system with the latest security fixes and patches will further minimize the possible Google Toolbar vulnerabilities to your computer.