How serious is the fallout from the Google Chrome clickjacking vulnerability? Is there a mitigation that can be...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
put in place to avoid serious issues stemming from this vulnerability, or should users consider switching to another browser?
Clickjacking is where malicious code is hidden on a webpage, which gives the impression that a user is clicking on a legitimate link instead of something malicious. The clickjacking vulnerability in Google Chrome was recently identified by security researcher Luca De Fulgentis on support.google.com. The vulnerability allowed a malicious webpage with the exploit code for the clickjacking vulnerability to extract potentially sensitive data from Chrome like email address. This Google Chrome vulnerability is a serious issue, but all of the major Web browsers have suffered clickjacking vulnerabilities at some point. Microsoft, Google and other browser vendors have been working on clickjacking defenses since at least 2008.
One of the significant benefits of Chrome is its support of the Google software development process, which includes rapid updates and improvements to address security vulnerabilities. While the frequent updates and pace of change might be difficult for enterprises to manage, the auto-update functionality helps make updates more manageable.
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Protecting from these types of attacks requires securing the desktop and browsers in use and making major changes to the browsers. Switching to a different browser is not going to fix this issue because, as I mentioned, all of the major browsers are or were vulnerable to a clickjacking attack on specific websites. There are also costs involved with switching browsers that might outweigh the potential benefit. An anti-malware tool or intrusion protection system network device might provide protections against these attacks. Clickjacking attacks are also typically website and browser dependent, so if this is a potentially high risk in your environment, the website in question could be blocked or restricted to only allow access to certain Web browsers via a Web proxy.
Dig Deeper on Web Browser Security
Related Q&A from Nick Lewis
Conficker malware was found in a German nuclear power plant computer system. Expert Nick Lewis explains the possible impact of malware infections of ...continue reading
OneSoftPerDay, an adware program can install backdoors on PCs, is able to avoid detection from antimalware tools. Expert Nick Lewis explains how to ...continue reading
The hot-patching feature in Windows servers is vulnerable to attacks from APT groups. Expert Nick Lewis explains what hot patching is and how to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.