Gumblar -Google & IE WEB Attack Picks Up Speed
 

Wednesday, May 20th, 2009

[A Web attack that poisons Google search results is getting worse, according to security researchers.

The attack first relies on compromising normally legitimate website and planting malicious scripts. US CERT reports that stolen FTP credentials are reckoned to be the main technique in play during this stage of the attack but poor configuration settings and vulnerable web applications might also play a part.

Surfers who visit compromised websites are exposed to attacks that rely on well-known PDF and Flash Player vulnerabilities to plant malware onto Windows PCs.

This malware is designed to redirect Google search results as well as to swipe sensitive information from compromised machines, according to early findings from ongoing analysis.]
more -
http://cyberinsecure.com/category/google/
scroll down that same page for more info{a sample below}.

April 28th, 2009
Computers With Internet Explorer And Google Chrome Installed Are At Risk

[Security problems surrounding protocol handling and Web browsers have surfaced again — this time with Google Chrome and Microsoft’s Internet Explorer. The “high severity” vulnerability affects Google Chrome versions 1.0.154.55 and earlier.

According to an advisory from the Google Chrome team, there’s an error in handling URLs with the a chromehtml: protocol that could allow an attacker to run scripts of his choosing on any page or enumerate files on the local disk under certain conditions.]