Unsafe buttons in Google's toolbar

The Google Toolbar allows vendors and websites to install additional buttons, for example, to make it easier to search through their sites. However, security researcher Aviv Raff has discovered that an attacker can spoof information displayed during installation, both the origin of the button and the domain it exchanges information with. This simplifies attacks as criminals could use the button to conduct phishing attacks or persuade users to download and run programs from what they mistakenly believe is a trusted domain.

Read the article HERE.