A series of attacks based on a flaw in the way the Google tool bar uses URLs to alter browser settings has been described by Israeli security outfit GreyMagic Software. In its mildest forms, exploiting the bug will allow an attacker to irritate a user with such stunts as clearing his toolbar history or uninstalling the Google feature. In its worst forms, it can tap keyboard input, re-route searches and allow files to be read and programs to execute in the "My Computer" security zone. When the bug is exploited using the res:// protocol it becomes most dangerous. The protocol is used to embed and access HTML in an .exe or .dll file.