Mountain View, Calif.-based Google said it has fixed the problem.
"Google was recently alerted to a potential security vulnerability affecting users of our Web site," a company representative said. "We have since fixed this vulnerability, and all current and future Google.com users are protected."
The warning came only a week after Google released its newest Web search product--a tool to search the files on a PC alongside Web pages. Security experts have scrutinized the technology, with some. Last week, security consultant Richard Smith found clues that could point to a coming instant chat client from the search giant.
Jim Ley, who runs a Web log, posted the warning about Google's script-insertion flaw, which he said has affected Google's main site for as long as two years. But with the addition of Google Desktop, the flaw became more serious, he said, because "it places the results of a desktop search into the output of a regular Google search." He said that the flaw could have allowed third parties to make a record of all the searches people make.
The flaw primarily had affected people using Microsoft's Internet Explorer Web browser, Ley said.