Google has confirmed a phishing vulnerability on its Public Service Search, and the program remains closed for new sign-ups until it is permanently fixed.
"While Google suffered from similar attacks in the past, most of them have had suspicious URLs, at least to the advanced user," Farraro said. "Using the exploit in this service, a malicious attacker could launch phishing sites that even advanced users could fall for."
The Public Service Search application provides cost- and advertising-free searching services for educational institutions and nonprofit organizations across the world.
Cory Altheide, a Google security manager, said on the company's Webmaster Central Blog that a temporary patch is in place and that the search engine giant is not aware of the flaw being exploited for any wrongdoing.
"Our nonprofit and university users are extremely important to us, and we apologize for any inconvenience this may cause," he said last week.
Click here to email Dan Kaplan.