Chrome 27 Fixes Clickjacking Hole

Monday, June 24, 2013 @ 11:06 AM gHale


Google fixed a clickjacking vulnerability in Flash Player, fixed by Adobe quite a while ago,that could still end up leveraged in Chrome to hijack users’ webcams and microphones.

Google fixed the issue with the release of the latest stable channel update for Chrome.

RELATED STORIES
Stealing a Webcam
Adobe Fills Hole in Flash, AIR
Adobe in Patch Mode
PDF Hole Used in APT Attacks

Chrome 27.0.1453.116 for Windows, Macintosh and Chrome Frame platforms addresses the security hole that attackers could use to trick users into allowing them to access the target’s webcam and microphone.

A proof-of-concept published by security researcher Egor Homakov showed an attacker could trick users into pressing the “Allow” button in the Flash Player settings window.

The Flash plugin clickjacking vulnerability fixed in the latest version of Chrome allowed an attacker to make the settings window transparent.



Leave a Reply

You must be logged in to post a comment.