Google working on fix for clickjacking vulnerability in Chrome

Share this article:
In the same week that Microsoft detailed plans to implement anti-clickjacking capabilities in Internet Explorer 8 (IE8), a proof-of-concept (PoC) clickjacking exploit for Google Chrome emerged.
Researcher Aditya Sood published the Chrome clickjacking vulnerability PoC on Wednesday. He said he was impressed that Microsoft attempted to fix the clickjacking issue in IE8 and this drove him to examine whether the problem exists elsewhere.

“The motto behind the release of vulnerabilities is to develop and design a highly efficient browser for the users,” Sood, founder of SecNiche Security, told on Friday.

Clickjacking occurs when an attacker places an invisible button just above the viewable content of the web page. The attacker then waits for the user to mistakenly click the button. Once the user has clicked the infected button, they unknowingly can be forced into actions not otherwise intended.

Google said in a statement that it was working on a permanent fix.

“The issue is tied to the way the web and web pages were designed to work, and there is no simple fix for any particular browser,” the company said. “We are working with other stakeholders to come up with a standardized long-term mitigation approach.”

To avoid the possibility of clickjacking, users should remember to log out of all websites when they are finished and to periodically delete their cookie files to ensure proper logout.

To lessen the potential dangers to clickjacking, use version 10 of Adobe Flash and if browsing with Firefox, install the NoScript plugin, said Jeremiah Grossman, founder and CTO of web security firm WhiteHat Security.

Grossman and fellow researcher Robert "RSnake" Hansen last year demonstrated a clickjacking PoC using Adobe Flash. The pair was among the first to convey the severity of the clickjacking threat, saying it can affect all major web browsers.

Soon after, Adobe patched the flaw, which could have given an attacker access to a victim's webcam and microphone.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Millenials improve security habits, more interested in cyber careers, still need guidance

Millenials improve security habits, more interested in cyber ...

Raytheon's second annual survey on the online and security behavior of Millennials shows improvement but still a long way to go.

Pakistani man indicted over spyware app creation

Hammad Akbar created StealthGenie, which allowed the purchaser to secretly monitor a cell phone's communications.

FDA finalizes guidelines on medical device, patient data security

The recommendations are aimed at providing better protecting patient health and data, as well as hoping device manufacturers take into account cybersecurity risks in the early stages of development.