A series of attacks based on a flaw in the way the Google tool bar uses URLs to alter browser settings has been described by Israeli security outfit GreyMagic Software.

In its mildest forms, exploiting the bug will allow an attacker to irritate a user with such stunts as clearing his toolbar history or uninstalling the Google feature. In its worst forms, it can tap keyboard input, re-route searches and allow files to be read and programs to execute in the "My Computer" security zone.

When the bug is exploited using the res:// protocol it becomes most dangerous. The protocol is used to embed and access HTML in an .exe or .dll file.

The GMS advisory with links to harmless, fun demonstrations is posted here.

"Google has been very responsive and quick to produce a fixed version (1.1.59/1.1.60)," GMS says. The Google tool bar has an auto-update feature which ought to have brought the majority of users up to date. ®