The news comes as Amazon has started offering a widget service to third-party Web sites as a means of making some extra dosh.
According to Finjan's third quarter security trends report from its MCRC (Malicious Code Research Centre), widgets contain program code that is vulnerable to exploits by hackers and criminals.
Just as happened when the first IM and Internet Chat applications appeared on the Web, it seems that widgets have opened up a new digital can of worms.
As a result, Finjan is calling for a new security model to be developed by the IT security industry, so that users can be protected against widget-loading malware.
The bad news is that Finjan claims to have discovered that all types of widget environments - operating system, third-party applications and good old-fashioned Web widgets - are open to abuse by crims.
And just to make things worse, Finjan also claims to have discovered vulnerable widgets that were already available - some in their default installation mode - already in the widget space.
Thankfully for most Netters, widget usage is still very much in its infancy, but the problem they pose is potentially quite significant. Read more from the Finjan report here...