diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Google Toolbar Dialog Spoofing Vulnerability

Google Toolbar versions 4 & 5 allows spoofing the information presented in the dialog which is being displayed when adding a new Google Toolbar button. This can allow an attacker to convince the users that his button comes from a trusted domain. This button can then be used to download malicious files or conduct phishing attacks (e.g. show a login form of a bank).

Google Toolbar provides a nice API for creating toolbar buttons. Basically, the button information is stored in an XML file.

In order to add a button, the toolbar user must click on a specially crafted link which refers to the button’s XML file. When the user click on the link, a dialog appears with all the following details: The domain where the button is being downloaded from, the name, description and icon of the button and some “privacy considerations”, which basically shows the domains which the button interacts with (sends/receive information).

Full Article

Google, Google Toolbar, Vulnerability, Exploit, Spoofing

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...