A potentially devastating hole in Google Inc.’s prevalent desktop
search product could have exposed personal files on users’ computers to
data thieves. Google fixed the defect within weeks of being informed
about it and says it has no evidence the vulnerability was exploited.

The flaw was uncovered late last year by Watchfire Corp., a
security-analysis provider. While the vulnerability exists in roughly
80 percent of Web applications, this problem appeared far more extreme
“given the sensitive nature of what Google Desktop is doing,” said
Danny Allan, a researcher at Waltham, Mass.-based Watchfire.