BrowExt - ClickJacking

👉 Overview


👀 What ?

BrowExt (Browser Extension) ClickJacking is a type of UI redress attack in which an attacker tricks a user into clicking on something different from what the user perceives. By clicking on seemingly innocuous objects, such as elements on a web page, the user may reveal confidential information or hand over control of their computer.

🧐 Why ?

BrowExt is significant because it poses a serious threat to both individual and corporate data security. The technique can be used to steal users' personal details, credit card numbers, and other confidential information. To the untrained eye, a BrowExt attack can look like a harmless action, making it a potent tool in the hands of cyber attackers.

⛏️ How ?

BrowExt exploits the transparency layers that exist between different applications on your screen. For example, an attacker might overlay a seemingly harmless button over a 'Delete all Messages' button in your email client. When you think you're clicking on 'See more kittens', you're actually deleting all of your emails. The key to avoiding BrowExt is to keep your browser and all other software up to date, use anti-virus software, and be cautious about what you click on.

⏳ When ?

The concept of ClickJacking and BrowExt has been known since the late 2000s. However, with the rise of sophisticated cyber-attacks and tools, it has gained more attention in recent years.

⚙️ Technical Explanations


BrowExt operates by manipulating the way user interfaces handle transparency and layering. It involves an attacker overlaying a transparent layer over a webpage's UI, tricking users into interacting with it when they believe they are interacting with the intended UI. The attacker can then capture the user's inputs, such as keystrokes, mouse clicks, or touch gestures, and use them to carry out unauthorized actions.
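
The check below is an added example, not code from the original page: a heuristic that takes a simplified model of a page's layers and reports which element would receive a click and whether that element is effectively invisible to the user. The element objects, their field names and the sample layout are constructed assumptions, and real browsers resolve stacking order in more detail than this model does.

```javascript
// Added example: which layer receives a click, and can the user see it?
// Elements are plain objects standing in for DOM nodes (assumed shape):
// { id, parent, opacity, zIndex, pointerEvents, rect: { x, y, w, h } }

// Opacity multiplies down the tree, so an opaque iframe inside a
// near-transparent wrapper is still invisible on screen.
function effectiveOpacity(el, byId) {
  let opacity = 1;
  for (let n = el; n; n = byId.get(n.parent)) opacity *= n.opacity ?? 1;
  return opacity;
}

function contains(r, x, y) {
  return x >= r.x && x < r.x + r.w && y >= r.y && y < r.y + r.h;
}

// Simplification: topmost = highest zIndex, ties go to later document order.
function auditClick(elements, x, y, minOpacity = 0.1) {
  const byId = new Map(elements.map((e) => [e.id, e]));
  const hits = elements
    .map((e, order) => ({ e, order }))
    .filter(({ e }) => e.pointerEvents !== 'none' && contains(e.rect, x, y))
    .sort((a, b) => (b.e.zIndex ?? 0) - (a.e.zIndex ?? 0) || b.order - a.order);
  if (hits.length === 0) return { target: null, opacity: null, suspicious: false };
  const target = hits[0].e;
  const opacity = effectiveOpacity(target, byId);
  return { target: target.id, opacity, suspicious: opacity < minOpacity };
}

// Constructed sample layout matching the scenario in the text: a visible
// decoy button with an invisible framed UI stacked on top of it.
const SAMPLE_LAYOUT = [
  { id: 'page', rect: { x: 0, y: 0, w: 800, h: 600 } },
  { id: 'decoy-button', parent: 'page', zIndex: 1,
    rect: { x: 100, y: 100, w: 200, h: 40 } },
  { id: 'overlay-wrapper', parent: 'page', opacity: 0.01, zIndex: 2,
    rect: { x: 90, y: 90, w: 220, h: 60 } },
  { id: 'framed-ui', parent: 'overlay-wrapper', zIndex: 2,
    rect: { x: 90, y: 90, w: 220, h: 60 } },
];

console.log(auditClick(SAMPLE_LAYOUT, 150, 120)); // click aimed at the decoy
console.log(auditClick(SAMPLE_LAYOUT, 500, 400)); // click on empty page area
```

A click flagged as suspicious here is one whose real target sits above the element the user can see, which is the condition described in the paragraph above.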
