How serious is the fallout from the Google Chrome clickjacking vulnerability? Is there a mitigation that can be...
put in place to avoid serious issues stemming from this vulnerability, or should users consider switching to another browser?
Clickjacking is where malicious code is hidden on a webpage, which gives the impression that a user is clicking on a legitimate link instead of something malicious. The clickjacking vulnerability in Google Chrome was recently identified by security researcher Luca De Fulgentis on support.google.com. The vulnerability allowed a malicious webpage with the exploit code for the clickjacking vulnerability to extract potentially sensitive data from Chrome like email address. This Google Chrome vulnerability is a serious issue, but all of the major Web browsers have suffered clickjacking vulnerabilities at some point. Microsoft, Google and other browser vendors have been working on clickjacking defenses since at least 2008.
One of the significant benefits of Chrome is its support of the Google software development process, which includes rapid updates and improvements to address security vulnerabilities. While the frequent updates and pace of change might be difficult for enterprises to manage, the auto-update functionality helps make updates more manageable.
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Protecting from these types of attacks requires securing the desktop and browsers in use and making major changes to the browsers. Switching to a different browser is not going to fix this issue because, as I mentioned, all of the major browsers are or were vulnerable to a clickjacking attack on specific websites. There are also costs involved with switching browsers that might outweigh the potential benefit. An anti-malware tool or intrusion protection system network device might provide protections against these attacks. Clickjacking attacks are also typically website and browser dependent, so if this is a potentially high risk in your environment, the website in question could be blocked or restricted to only allow access to certain Web browsers via a Web proxy.
Dig Deeper on Web browser security
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ... Continue Reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common... Continue Reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.