Google Chrome clickjacking vulnerability: Time to switch browsers?

Expert Nick Lewis explains the Google Chrome clickjacking vulnerability, including why avoiding the issue isn't as simple as switching browsers.

How serious is the fallout from the Google Chrome clickjacking vulnerability? Is there a mitigation that can be...

put in place to avoid serious issues stemming from this vulnerability, or should users consider switching to another browser?

Ask the Expert

Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)

Clickjacking is where malicious code is hidden on a webpage, which gives the impression that a user is clicking on a legitimate link instead of something malicious. The clickjacking vulnerability in Google Chrome was recently identified by security researcher Luca De Fulgentis on support.google.com. The vulnerability allowed a malicious webpage with the exploit code for the clickjacking vulnerability to extract potentially sensitive data from Chrome like email address. This Google Chrome vulnerability is a serious issue, but all of the major Web browsers have suffered clickjacking vulnerabilities at some point. Microsoft, Google and other browser vendors have been working on clickjacking defenses since at least 2008.

One of the significant benefits of Chrome is its support of the Google software development process, which includes rapid updates and improvements to address security vulnerabilities. While the frequent updates and pace of change might be difficult for enterprises to manage, the auto-update functionality helps make updates more manageable.

Protecting from these types of attacks requires securing the desktop and browsers in use and making major changes to the browsers. Switching to a different browser is not going to fix this issue because, as I mentioned, all of the major browsers are or were vulnerable to a clickjacking attack on specific websites. There are also costs involved with switching browsers that might outweigh the potential benefit. An anti-malware tool or intrusion protection system network device might provide protections against these attacks. Clickjacking attacks are also typically website and browser dependent, so if this is a potentially high risk in your environment, the website in question could be blocked or restricted to only allow access to certain Web browsers via a Web proxy.

This was first published in June 2013

Dig Deeper on Web Browser Security



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: