• February 2, 2009

Security researchers have discovered a flaw exposing consumers using Google's Chrome Web browsers to clickjacking, a practice where fraudulent links on ads, video and text are substituted for legitimate.

The fraudulent links are tainted with well-crafted HTML or JavaScript code, forcing a Web browser to send an HTTP request to a site they choose, according to security experts.

Aditya K Sood at SecNiche found the flaw and posted the findings on Bugtraq. A Google spokesperson acknowledged the flaw and notes that clickjacking is a larger issue that affects all browsers, not just Google Chrome.

"The issue is tied to the way the Web and Web pages were designed to work, and there is no simple fix for any particular browser," the Google spokesperson said. Google is working to fix the problem. The vulnerability also has affected Mozilla's Firefox 3.0.5.--Laurie Sullivan