Description
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue.
CVSS Metrics
- Vector
- AV:N/AC:M/Au:N/C:N/I:P/A:N
- Access Vector
- network
- Access Cmplx
- medium
- Auth
- none
- Confidentiality
- none
- Integrity
- partial
- Availability
- none
- Weaknesses
- NVD-CWE-Other
Metadata
- Primary Vendor
- Published
- 1/30/2009
- Last Modified
- 4/9/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
google : chrome
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.