Google has issued a patch for a serious vulnerability involving Google Desktop that would have allowed attackers to steal personal information and possibly take control of a system remotely.

Researchers at Watchfire found the product was susceptible to cross-site scripting attacks that hijack the Google Web interface in order to jump from the Internet to the desktop Web environment. The attack works by getting users to click on a link that loads malicious JavaScript.

Google Desktop serves as a fast search mechanism for documents, e-mails, instant messaging transcripts, archived Web pages and other data on PCs. A Google executive once described it as "the photographic memory of your computer." An attacker with control of Google Desktop can search for virtually anything on the computer, including Office documents, e-mails, media files and Web history cache.

Dan Allan, director of security research at Watchfire, said the tight integration between desktop and Web-based applications can be dangerous.