A series of security holes in search engine Google's Toolbar, could allow an attacker to read files, reroute searches and execute scripts on an affected PC, according to a security alert released by GreyMagic Software.
GreyMagic identified a total of nine vulnerabilities ranging from minor, such as a website operator being able to tell what keys a user is pressing in the Google search field, to serious — the scripting vulnerability.
The flaws were all patched by Google's automatic update to the Toolbar which was released earlier this week, meaning that many Google Toolbar users should have already had their software updated to protect against the holes.
GreyMagic found the vulnerabilities in version 1.1.58 of the Toolbar. Google is already distributing versions 1.1.59 and 1.1.60 which fix the problems.
Among the less serious flaws found is the search bar keylogging described above, enabling the Page Rank and Category features, which could reveal user information, clear the Toolbar's history or even uninstall the application.
More seriously, by using a specific URL (uniform resource locator) an attacker could reroute searches through his or her own website, allowing the attacker to log information about the user.
By using other URLs containing scripts, an attacker can read files on the affected PC or execute scripts in the same security context that web pages are viewed.
Users can check to see what version of the Google Toolbar they are running by clicking on the Google logo in the Toolbar and selecting About Google Toolbar.
The Google Toolbar can be downloaded here.