Chrome and Firefox Browsers Flaw Exposes Them to Clickjacking
January 29, 2009 – 3:12 pm
Do you use the Google Chrome or Mozilla Firefox web browser to surf the internet?
If so, you may be in for a shock. A flaw discovered by security researchers exposes Chrome and Firefox to clickjacking. Clickjacking is a technique in which hackers trick web users into revealing confidential information by having them click on an innocuous-looking button or link on a web page. Essentially, clickjacking takes place when embedded code or script is executed without the user's knowledge when a button or link is clicked. It may be carried out with a legitimate iframe laid over a page: the user thinks they are clicking on one particular button, but underneath is a hidden function that the user is not aware of.
Google is aware of this new vulnerability and has claimed to be working on a patch for affected Chrome versions 1.0.154.43 and earlier when running on a system with Windows XP SP2 installed, according to security researcher Aditya K Sood of SecNiche.
Sood discovered the flaw on January 27th, only a couple of days ago, and has since posted a proof of concept on the Bugtraq vulnerability disclosure forum. In the disclosure, Sood said, “Attackers can trick users into performing actions which the users never intended to do and there is no way of tracing such actions later, as the user was genuinely authenticated on the other page.”
Researchers will agree that clickjacking in general does affect all web browsers. While there is no easy fix for this issue, Google is working with others to come up with a standardized long-term mitigation approach, as explained by an Australian Google source.
Nishad Herath, chief executive of Australian security consultancy Novologica, said “Clickjacking means that any interaction you have with a website you’re on, for example like clicking on a link, may not do what you expect it to do.”
Let this be a caution to computer users: a link or button you click may do something totally different from what you expected it to. Use caution in any situation, and it is best to keep your web browser up to date by applying any and all available security patches.
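
The overlay described above only works if the target page lets another site render it inside a frame. As an added example (not from the article, Google, or Sood's disclosure), this JavaScript sketch evaluates the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers that browsers use to restrict framing; the origins, header sets, and function names are constructed for illustration.

```javascript
// Added example: can `embedderOrigin` render a response from `pageOrigin` in a frame?
// Simplified: one direct ancestor, exact-origin matching (no wildcard hosts).
function parseFrameAncestors(csp) {
  // Return the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingDecision(headers, pageOrigin, embedderOrigin) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const embedder = embedderOrigin.toLowerCase();
  const sameOrigin = pageOrigin.toLowerCase() === embedder;

  // When frame-ancestors is present it takes precedence over X-Frame-Options.
  const ancestors = parseFrameAncestors(h["content-security-policy"]);
  if (ancestors !== null) {
    // 'none' or an empty list matches nothing, so the page cannot be framed.
    const ok = ancestors.some(
      (s) => s === "*" || (s === "'self'" && sameOrigin) || s === embedder
    );
    return ok ? "allowed" : "blocked";
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return sameOrigin ? "allowed" : "blocked";
  return "allowed"; // missing, unrecognised or obsolete ALLOW-FROM: no protection
}

// Constructed sample responses for a page at https://bank.example.
const PAGE = "https://bank.example";
const OTHER = "https://other.example";
const SAMPLES = [
  {},
  { "X-Frame-Options": "SAMEORIGIN" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
];
for (const headers of SAMPLES) {
  console.log(JSON.stringify(headers), "->", framingDecision(headers, PAGE, OTHER));
}
```

A response that comes back "allowed" for a foreign origin is one that can be placed under an overlay, which makes it the case to fix on any page that performs authenticated actions.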


Yes, I agree with your post and the technical
stuff regarding clickjacking.
Some of this code appears to be in encrypted format and
thus an easy platform for hackers to invade the system.
Thanks for the post & excellent article.