A hacker finds a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the browser. A dialog spoofing vulnerability in the popular Google Toolbar could be exploited by malicious hackers to execute malicious files or launch identity theft attacks, according to a warning from security researcher Aviv Raff.

Raff, a well-known hacker who regularly finds and reports software vulnerabilities, figured out a way to use a booby-trapped Web page to trick Google Toolbar users into adding malicious buttons to the toolbar. In an IM interview with eWEEK, Raff said multiple versions of the toolbar allows spoofed information to be presented to the user when adding a new browser toolbar icon/button. Unpatched Google Toolbar Flaw Presents ID Theft Risk

Technorati Tags: Google Toolbar, ID Theft