Don’t Click Twice: New Chrome, Edge and Safari Hack Attack Warning


Update, January 4, 2025: This story, originally published on January 3, now includes additional information on the double-click hacking threat, along with commentary from a security expert on how such hacking attacks are evolving.

Hundreds of millions of web users have been warned about a dangerous new attack that works regardless of which browser you use, as long as you click twice. Here is everything you need to know about the double-click hijacking attack.


Warning not to click twice as new hacking attack is confirmed

Paulos Yibelo, an application security researcher specialising in offensive client-side exploits, with a long history of discovering vulnerabilities and new classes of security threat, has revealed what could be the broadest new attack methodology of all, because its target is anyone using a web browser. In a blog post detailing what he calls DoubleClickjacking, Yibelo describes in technical detail how attackers can abuse a double-click in Chrome, Edge, Safari, or almost any other browser to get you to authorize access to your accounts without realizing it.

This new threat surface exists because an attacker can trick the user of almost any website, in almost any browser, into clicking on something without realizing they are doing so. It is a new take on the old clickjacking attack, which used various methods to get users to click on hidden or obscured page elements. Classic clickjacking was largely neutralised once browsers and site operators adopted protections against it: most sites now refuse to be embedded in frames on other origins (via the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive), and SameSite cookies defeat many cross-site framing tricks. DoubleClickjacking sidesteps those protections because it does not rely on framing at all. Instead it exploits the timing between the two clicks of a double-click: the victim is prompted to double-click something innocuous, such as a CAPTCHA-style check, in a newly opened window, and between the first click and the second the attacker swaps that window out so the second click lands on a sensitive control in the window now underneath, such as a login confirmation or another account authorization button. The TL;DR is that a new window opens, the user is asked to double-click a message, and in the blink of an eye the attacker switches the context to a completely different window before the second click arrives.

I reached out to Apple, Google and Microsoft for a statement.


Why the Double Clickjack trick is so dangerous

“While it may seem like a small change,” Yibelo said, DoubleClickjacking “opens the door to new user interface manipulation attacks that bypass all known protections against clickjacking” and “apparently affects almost all websites, leading to account takeovers on many major platforms.” Yibelo highlighted the following reasons why the attack is so dangerous:

  • It can bypass existing protections against clickjacking.
  • It can affect more than just websites, with attacks on crypto wallets and smartphones being possible.
  • It’s a whole new attack surface that hackers can exploit.
  • All websites are, by default, vulnerable to this hacking attack.
  • It only requires the target to double click, nothing more.

“DoubleClickjacking is a sleight of hand on a well-known attack class,” said Yibelo. “By exploiting the event timing between clicks, attackers can seamlessly swap benign UI elements for sensitive ones in the blink of an eye.” This means developers and security teams need to tighten their control over embedded or opener-based windows and pay more attention to things like multiple-click patterns.
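The timing the attack depends on, and one client-side defence that follows from the advice above about watching click patterns, as an added example; this is not code from the article or from Yibelo's write-up. It models, without a browser, a guard that keeps a sensitive button disarmed until the page has seen genuine pointer or keyboard activity and has been visible for a minimum time, then runs a simulated hijacked double-click and a simulated legitimate click against it. The 500 ms threshold, the class and function names, and the event timelines are assumptions constructed for illustration.

```javascript
// Added example, not code from the Forbes article or from Yibelo's write-up.
// A DOM-independent model of a "stay disarmed until real interaction" guard
// for sensitive buttons (e.g. an OAuth "Authorize" control), plus simulated
// timelines run against it. Threshold and event names are assumptions.

const ARM_DELAY_MS = 500; // assumption: nobody reads a consent page in under 0.5 s

class SensitiveActionGuard {
  // pageShownAt: timestamp (ms) at which the sensitive page became visible
  constructor(pageShownAt) {
    this.pageShownAt = pageShownAt;
    this.sawInteraction = false; // set once a mousemove/keydown has occurred
    this.decisions = [];         // audit trail of accepted/rejected activations
  }

  // Record a user-input event; the decision itself is made in allows().
  observe(ev) {
    if (ev.type === 'mousemove' || ev.type === 'keydown') {
      this.sawInteraction = true;
    }
  }

  // Decide whether a click/mouseup at time t may activate the button.
  allows(t) {
    const elapsed = t - this.pageShownAt;
    const ok = this.sawInteraction && elapsed >= ARM_DELAY_MS;
    this.decisions.push({
      t,
      accepted: ok,
      reason: !this.sawInteraction ? 'no pointer/keyboard activity before click'
            : elapsed < ARM_DELAY_MS ? `click ${elapsed} ms after page shown`
            : 'ok',
    });
    return ok;
  }
}

// Simulated DoubleClickjacking timeline (constructed, not a captured trace):
// the victim double-clicks a "verify" prompt in a window the attacker opened.
// On the first click the attacker closes that window, exposing the opener,
// which it had already navigated to an authorization page (shown at t = 0).
// The second click of the double-click arrives ~80 ms later on "Authorize",
// with no mousemove on the authorization page in between.
function simulateDoubleClickjacking() {
  const guard = new SensitiveActionGuard(0);
  return guard.allows(80); // false: no interaction seen and far too soon
}

// A legitimate user: the page is shown, the pointer moves onto the button,
// and the click comes well after the page has been visible.
function simulateLegitimateUser() {
  const guard = new SensitiveActionGuard(0);
  guard.observe({ type: 'mousemove' });
  return guard.allows(1400); // true
}

// Pointer movement alone is not enough if the click still arrives too fast.
function simulateFastClickAfterMove() {
  const guard = new SensitiveActionGuard(0);
  guard.observe({ type: 'mousemove' });
  return guard.allows(120); // false: 120 ms < ARM_DELAY_MS
}

// Browser wiring (only active where a DOM exists; inert under Node).
// The button stays disabled until the guard would accept a click, so the
// second click of a hijacked double-click lands on a disabled control.
function protectSensitiveButton(button, doc = globalThis.document) {
  if (!doc) return null;
  const guard = new SensitiveActionGuard(Date.now());
  button.disabled = true;
  const refresh = () => { button.disabled = !guard.allows(Date.now()); };
  for (const type of ['mousemove', 'keydown']) {
    doc.addEventListener(type, (ev) => { guard.observe(ev); refresh(); });
  }
  setTimeout(refresh, ARM_DELAY_MS); // re-evaluate once the delay has elapsed
  return guard;
}
```

This is a defence-in-depth measure for the page that hosts the sensitive button, not a fix for the browser behaviour the attack abuses: the attacker's prompt lives in a separate top-level window rather than a frame, so X-Frame-Options and frame-ancestors do not apply, and a server-side confirmation step for high-value actions such as OAuth consent remains the stronger control.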


Evolution of hacking attacks creates additional challenges for defenders

Unsurprisingly, reports about this double-click attack have created a lot of concern among both users and cybersecurity professionals. “The marginal declines in ransomware and malware over the past year,” said Spencer Starkey, executive vice president at network security and content control provider SonicWall, “shouldn’t fool people; hackers have simply changed their tactics.” There is no doubt that cyber attacks are constantly evolving; the proof is in front of you, both in the articles I write here on Forbes.com and in the exploits of which so many are victims. “Due to the speed at which new attacks are created, they are more adaptable and difficult to detect,” Starkey said, “which poses an additional challenge for cybersecurity professionals.” From a high-level business perspective, this means constantly monitoring your networks for suspicious activity. “The sooner teams can detect a potential problem,” Starkey concluded, “the lower the risk of an attack.”

When it comes to mitigation, Yibelo said: “I have reported this issue on a few sites and the results have been mixed. Most have chosen to address it, while some have chosen not to.” As for end users, the advice for now is not to double-click on prompts you did not expect if you want to be sure of not falling victim to this attack, until in-browser mitigations are available.

