Every year without fail, Google tries to prank its users on April Fool’s. This year there were a few attempts by Google and one them was changing its front page where the entire site had its text mirrored backwards as you can see in the image above. However it seems that while the prank might have been a simple one, it seems that it might have inadvertently broken the site’s security.
This is according to security researchers Netcraft who posted their findings last Friday. According to them, the creation of the prank led to Google omitting a crucial header in their code that would have prevented hackers from clickjacking attacks. Without the code, it left it open for attack although thankfully it does not seem that hackers were aware or have taken advantage of it.
Netcraft writes, “A remote attacker could also have leveraged this “feature” to display the Google Search Settings page in an iframe on an external domain, and trick his victims into unwittingly changing those settings. A carefully constructed clickjacking attack could have gone unnoticed by each victim until it was too late and the settings had already been changed.” The researchers also reached out to Google who presumably has since addressed the issue. Close call, Google!
Filed in ..