Status: Unconfirmed Owner: ---- Labels: Type-Bug Pri-2 OS-All Area-Misc New issue 7280 by hirsch.will: Security/feature: Show form action when hovering submit buttons http://code.google.com/p/chromium/issues/detail?id=7280
Chrome Version : 2.0.159.0 URLs (if applicable) : http://qd9.co.uk/temp/ClickJackEg.html Other browsers tested: Add OK or FAIL after other browsers where you have tested this issue: Safari 3: FAIL Firefox 3: FAIL IE 7: FAIL The above demonstrates a fairly straightforward exploit that allows "clickjacking" to interact in unsolicited ways with Twitter. Vulnerabilities like this would be reduced if, like when hovering over a hyperlink, hovering the submit button for a form like this showed the URL that it's about to submit to. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---