Google shuts hole in desktop product

A potentially devastating hole in Google Inc.'s prevalent desktop search product could have exposed personal files on users' computers to data thieves. Google fixed the defect within weeks of being informed about it and says it has no evidence the vulnerability was exploited.

The flaw was uncovered late last year by Watchfire Corp., a security-analysis provider. While the vulnerability exists in roughly 80 percent of Web applications, this problem appeared far more extreme "given the sensitive nature of what Google Desktop is doing," said Danny Allan, a researcher at Waltham, Mass.-based Watchfire.