Google Chrome 1.0.154.43 ClickJacking Vulnerability
Aditya K Sood , SecNiche Security
No Native Check against Click Jacking. Check the Overwritten Event.
Clickjacking is a malicious software form that can seemingly take control of the links that an Internet browser displays
for various Web pages. Once that takes place, and once a user tries to click on that link, the user is taken to a site
that is unintended. In some cases, the user may be able to recognize this immediately; in other cases, the user may
be totally unaware of what took place.Once an infected ad has been loaded into your browser, your clipboard
(where you copy and paste text) becomes overwritten with a URL.
A vulnerability across a variety of browsers and platforms,
a clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking
on a button that appears to perform another functionThe exploit may also take over your browser and visit
links without you knowing.
A clickjacked page tricks a user into performing undesired actions by clicking on a concealed
link. On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The
user thinks he is clicking the visible buttons, while he/she is actually performing actions on the hidden page.
The hidden page may
be an authentic page, and therefore the attackers can trick users into performing actions which the users never intended to do and
there is no way of tracing such actions later, as the user was genuinely authenticated on the other page.
Standard Definitions (Wikipedia , Quoted by Third Parties)
ClickJacking Paper
Clickjack The Target (http://www.yahoo.com) : (http://www.xssed.com)
Official Build 2200
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
AppleWebKit/525.13 (KHTML, like Gecko)
Chrome/1.0.154.43 Safari/525.13