A researcher published the Google Chrome clickjacking vulnerability PoC last week. Clickjacking occurs when an attacker places an invisible button just above the viewable content of the web page. The attacker then waits for the user to mistakenly click the button. Once the user has clicked the infected button, they unknowingly can be forced into actions not otherwise intended.
Aditya Sood, the researcher, said that Microsoft attempted to fix the clickjacking issue in IE8 and this drove him to examine whether the problem exists elsewhere. Google as well announced that it was working on a permanent fix.
To avoid the possibility of clickjacking, users should remember to log out of all websites when they finish and to delete periodically their cookie files to ensure proper logout.
To reduce the potential dangers to clickjacking, users can apply to version 10 of Adobe Flash and if browsing with Firefox, install the NoScript plugin, as said Jeremiah Grossman, founder and CTO of web security firm WhiteHat Security. Soon after, Adobe fixed defect, which could have given an attacker access to a victim's webcam and microphone.
EcommerceJournal
