How serious is the fallout from the Google Chrome clickjacking vulnerability? Is there a mitigation that can be...
put in place to avoid serious issues stemming from this vulnerability, or should users consider switching to another browser?
Clickjacking is where malicious code is hidden on a webpage, which gives the impression that a user is clicking on a legitimate link instead of something malicious. The clickjacking vulnerability in Google Chrome was recently identified by security researcher Luca De Fulgentis on support.google.com. The vulnerability allowed a malicious webpage with the exploit code for the clickjacking vulnerability to extract potentially sensitive data from Chrome like email address. This Google Chrome vulnerability is a serious issue, but all of the major Web browsers have suffered clickjacking vulnerabilities at some point. Microsoft, Google and other browser vendors have been working on clickjacking defenses since at least 2008.
One of the significant benefits of Chrome is its support of the Google software development process, which includes rapid updates and improvements to address security vulnerabilities. While the frequent updates and pace of change might be difficult for enterprises to manage, the auto-update functionality helps make updates more manageable.
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Protecting from these types of attacks requires securing the desktop and browsers in use and making major changes to the browsers. Switching to a different browser is not going to fix this issue because, as I mentioned, all of the major browsers are or were vulnerable to a clickjacking attack on specific websites. There are also costs involved with switching browsers that might outweigh the potential benefit. An anti-malware tool or intrusion protection system network device might provide protections against these attacks. Clickjacking attacks are also typically website and browser dependent, so if this is a potentially high risk in your environment, the website in question could be blocked or restricted to only allow access to certain Web browsers via a Web proxy.
Dig Deeper on Web Browser Security
Related Q&A from Nick Lewis
MedSec and Muddy Waters Capital revealed serious flaws in IoT medical devices manufactured by St. Jude Medical. Expert Nick Lewis explains the ...continue reading
RIPPER malware has been found responsible for the theft of $378,000 from ATMs in Thailand. Expert Nick Lewis explains how this ATM malware works.continue reading
Researchers found that facial recognition systems can be bypassed with 3D models. Expert Nick Lewis explains how these spoofing attacks work and what...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.