
Don’t Click Twice—New Chrome, Edge, Safari Hack Attack Warning
Cybersecurity researchers have recently disclosed a new attack technique called “double clickjacking” that puts website login credentials and other sensitive information at risk. The technique is particularly concerning because it lets attackers manipulate the timing of clicks to trick users into performing unintended actions.
According to Yibelo, this technique works by opening an embedded window or popup on top of a legitimate website, making it appear as if you are still interacting with the original site when in fact you are being manipulated. This can lead to devastating consequences such as account takeovers and unauthorized transactions.
The double clickjacking attack is not limited to any specific browser: Google Chrome, Microsoft Edge, and Apple Safari are all affected. In fact, all websites that support OAuth (Open Authorization) are vulnerable to this type of attack. This means that almost every major website with an API is at risk.
In one scenario, attackers can trick users into authorizing a malicious application with extensive privileges, leading to account takeovers and other nefarious activities. A second example shows how double clickjacking can be used to manipulate user interface elements, allowing attackers to make unauthorized changes to user accounts or perform transactions without the user's knowledge or consent.
The evolution of hack attacks is creating new challenges for cybersecurity professionals as hackers adapt to existing security measures by finding new ways to exploit vulnerabilities. This means that it’s essential for developers and security teams to tighten control over embedded windows and be more vigilant about monitoring for multi-click patterns.
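One way a site could act on that advice for its own sensitive buttons, shown as an added example that is not from the article or the researcher: clicks are ignored until the page has been continuously visible and focused for a short time, so the second click of a double-click cannot land on a page that was just uncovered. The `ClickGuard` name, the 500 ms delay, and the `data-sensitive` attribute are assumptions.

```javascript
// Added example: names, threshold and selector are assumptions, not from the article.
const ARM_DELAY_MS = 500; // assumed: longer than a typical double-click interval

class ClickGuard {
  constructor(now = () => Date.now(), armDelayMs = ARM_DELAY_MS) {
    this.now = now;
    this.armDelayMs = armDelayMs;
    this.exposedAt = null; // null = page not currently visible and focused
    this.rejected = 0;     // count of suppressed clicks, for telemetry
  }
  // Call when the page becomes visible and focused (load, focus, visibilitychange).
  exposed() { this.exposedAt = this.now(); }
  // Call when the page loses focus or is hidden, e.g. a window opened on top.
  covered() { this.exposedAt = null; }
  // True only if the page has been continuously in front for armDelayMs.
  allow() {
    const ok = this.exposedAt !== null &&
               this.now() - this.exposedAt >= this.armDelayMs;
    if (!ok) this.rejected += 1;
    return ok;
  }
}

// Browser wiring: track exposure and filter clicks on the selected controls.
function protect(selector, guard = new ClickGuard()) {
  const sync = () =>
    (document.visibilityState === 'visible' && document.hasFocus())
      ? guard.exposed() : guard.covered();
  window.addEventListener('focus', sync);
  window.addEventListener('blur', sync);
  document.addEventListener('visibilitychange', sync);
  sync();
  document.querySelectorAll(selector).forEach((el) =>
    el.addEventListener('click', (ev) => {
      if (!guard.allow()) {            // click landed too soon after exposure
        ev.preventDefault();
        ev.stopImmediatePropagation();
      }
    }, true));                         // capture phase: run before app handlers
  return guard;
}

// Only wire up when running in a browser.
if (typeof document !== 'undefined') {
  protect('[data-sensitive]'); // hypothetical marker, e.g. on an OAuth "Authorize" button
}
```

The `rejected` counter can be reported to the server so that security teams see how often clicks arrive immediately after the page is uncovered.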
In the meantime, end users should exercise extreme caution when interacting with websites that support OAuth. Avoid clicking twice on any prompts or alerts you receive from these sites until browser-based mitigations become available.
By: Davey Winder
Source: www.forbes.com