Google Toolbar Vulnerability

Google Toolbar Vulnerability
Page content

Google Toolbar is a browser toolbar for Internet Explorer and Mozilla Firefox. You can download it from Google for free and install to your browser. Once installed it resides above the tab bar of the browser and provide a search box for performing web searches. It also includes several features that are quite useful for both novice and advanced Internet users. AutoLink, AutoFill, translation, and spell checker are some of them. Although there are controversies about vulnerabilities of the Google Toolbar, it is a handy tool that saves a lot of time when surfing the Internet.

Google Toolbar Vulnerabilities

There have long been talks about vulnerabilities in Google Toolbar. An earlier had security flaws in its “About” page. Also there were chances that an attacker could read files on an affected computer or execute scripts. In the latest versions these issues have been fixed. Still there are concerns about privacy.

Google Toolbar - Custom Button Spoofing Vulnerability

The custom button spoofing vulnerability was another of the early security issue in Google Toolbar. Affected versions were Google Toolbar 5 beta for Internet Explorer, Google Toolbar 4 for Internet Explorer, and Google Toolbar 4 for Firefox (partially). The weakness is also confirmed in version 4.0.1601.4987 for Internet Explorer. In this case an attacker may install malicious software or conduct phishing attacks by asking the user to install a new button for Google Toolbar. However, Google considers this as non-critical, due to the fact that it involves several steps before a user get infected.

Security Issues in ‘About’ Section

It is reported that the ‘About’ section of the Google Toolbar doesn’t properly filter HTML code. This was first reported in 2004. When the user loaded the HTML that was created by the attacker, it will invoke the ‘About’ page in Google Toolbar. Then it executes arbitrary scripting code in the context of the page. The risk is a user can execute a scripting code within the Local Computer security zone.

Google Toolbar and Firefox Security Vulnerability

Today many users surf Internet using Firefox. Therefore this browser has been a popular subject for hackers. Vulnerability has been detected related to Firefox extensions when the user goes to upgrade add-ons. This issue is detected in Firefox extensions such as Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, and AOL Toolbar, etc.

An attacker can silently install malicious software onto computers via an upgrade mechanism in these Firefox extensions. The only way to secure the upgrade path and their updates is to use SSL technology. That means use only sites with https:// instead of https:// when upgrading those extensions.

Privacy

Privacy is another issue in Google Toolbar. Because of its importance, it is always susceptible for security vulnerabilities. Tracking of browsing patterns and automatic installation of updates for the toolbar without the user’s knowledge has been criticized. Also the privacy policy is revised without notice.

Fixing Google Toolbar Vulnerabilities

Probably the best way to face the vulnerabilities of Google Toolbar is to make sure that you have installed the latest version of Google Toolbar. Most of the above security flaws have been fixed by Google, introducing fixed and newer versions with lesser susceptibility to vulnerabilities. Also it is highly advised to use the latest versions of Internet Explorer and/or Mozilla Firefox whenever possible. Updating your operating system with the latest security fixes and patches will further minimize the possible Google Toolbar vulnerabilities to your computer.

This post is part of the series: Google Toolbar

Google Toolbar is a nice and handy tool that saves a lot of time of an avid internet user while residing above the tab bar of the browser. Read these articles to know what can you do with it, how to use this great tool effectively and any related issues.

  1. Is Your Google Toolbar Vulnerable