Independent security researchers have disclosed a vulnerability in current versions of the Google Chrome Web browser (versions 1.0.154.43 and earlier) and Mozilla’s popular Firefox (version 3.05) that could allow cyber crooks to ‘clickjack’ unwitting surfers.
Clickjacking, in essence, takes clicks a visitor makes on one Web site (usually a legitimate one that has been hacked and had malicious code inserted without the page owner’s knowledge) and redirects them to another, malicious site.
“Attackers can trick users into performing actions which the users never intended to do and there is no way of tracking such actions later,” researcher Aditya K. Sood said in his official disclosure of the Chrome/Firefox flaw.
Late yesterday, Google reps confirmed that they are working on a Chrome fix for the clickjacking flaw and noted that Google was unaware at that time of any actual attacks ‘in the wild’ exploiting the vulnerability.
No word, as yet, from Mozilla on a Firefox fix. However, Firefox users should be advised automatically by Mozilla when an update is available.