Netcraft discovered a vulnerability in the application used to search Google's own site on the 20th October. The problem would have allowed fraudsters to inject their own content onto Google's site, thus making it far more likely that people would believe a scam. Google fixed the problem less than two days after being notified.
However. Salvatore Aranzulla, an Italian journalist, discovered a cross-site scripting vulnerability in the Google Desktop search application on 25th October. Google Desktop is currently offered as a beta test service, but there have been privacy concerns, which this vulnerability will exacerbate.