Clickjacking vulnerability in Chrome discovered

By Justin Mann on January 29, 2009, 4:27 PM
Anyone who uses Chrome should be aware that an interesting and potentially dangerous vulnerability has been discovered. In the most current version of the browser, it is possible for someone to be fooled into viewing a site or submitting data to a page using a method known as clickjacking. As the links can be disguised, it can be difficult to tell when it is occurring. An example is a link that will appear normal in the browser, including the URL preview pane, but then redirect the user to a different page.

A proof of concept page was put up for demonstration. Google has confirmed that it is already working on a fix for the flaw, but until that arrives, itís easy to see how this can be abused with dummy pages setup to look like the real thing. Upon redirection, people may not pay attention to what shows up in the address bar, and give away information they shouldn't.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.