21 February 2007 | 01:21 AM America/Los_Angeles

2.21.07 Google Desktop 'extremely' vulnerable to attackers

Google recently fixed a very severe security risk in Google Desktop that left users' PCs vulnerable to cross-site scripting attacks, in which hackers can place malicious software on users' computers, AP reports. Watchfire reported the problem Jan. 4, and Google reported it as fixed Feb. 1.

The attacker uses JavaScript code to control Google Desktop functionality while evading current information protection systems, such as anti-virus software and firewalls, allowing the attacker to covertly hijack sensitive local information, Watchfire said in a press release. (For example, Office documents, media files, emails and, in many cases, even deleted emails, chat sessions and files could be accessed.)


Although this vulnerability has been patched, Google Desktop's integration between Web and desktop is a malicious attacker's dream application.


"Application security vulnerabilities need to be taken seriously. As the potential damage of a Cross Site Scripting attack against a desktop application with a Web interface is enormous, Web application security must be comprehensively evaluated and continually monitored," said Michael Weider, founder and CTO, Watchfire. "Industry leaders like Google continue to make strides in security, but due to the dynamic nature of applications, vulnerabilities can surface."


A Google spokesperson emailed the AP that Google has "taken many steps to protect our users and mitigate such attacks. We've added an additional layer of security checks to prevent the types of attacks pointed out by Watchfire and future possible attacks through this vector as well."