Company representatives said that they have not received any reports of the vulnerability being exploited on end-users' machines.

Watchfire researchers said the new security patch appears to fix the flaw and prevent XSS attacks on users of Google Desktop whose systems have been updated.

Security analysts considering the problem said it highlighted the need for businesses to look carefully at programs such as Google Desktop that straddle the line between personal and professional PC usage.

Although the application may be very useful, and most often gets pulled into the corporate environment by people who use it at home, Google is not a maker of business-grade software and doesn't follow the same security processes as large manufacturers of such products, said John Pescatore, analyst at Gartner.

Unlike Microsoft, Oracle, or Sun Microsystems, Google does not publish regular security bulletins or even offer specific details of issues it has already fixed, Pescatore said.