Most people here have probably heard of the clickjacking attack. The attacker embeds a website (usually the target) in an iframe on a page they control, makes the iframe transparent or otherwise hides it, and positions it over a button on that page, for example 'Click here to receive a gift.' The victim has no idea that a button inside the iframe is sitting on top of the button they think they are clicking. Quite dangerous!
Browsers do offer ways to prevent this type of attack, with rules such as the X-Frame-Options header, the frame-ancestors directive of CSP, and the SameSite=Lax/Strict cookie attribute...
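Whether a response actually carries those protections can be checked from its headers. The following is an added example, not code from the original post: `auditFraming` and its result labels are hypothetical names, the header values are constructed samples, and ranking policies from weakest to strictest simplifies how browsers combine several policies.

```javascript
// Source list of the frame-ancestors directive in one CSP policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name === 'frame-ancestors') return sources;
  }
  return null;
}

// Classify a source list by how much framing it still allows.
function classify(sources) {
  if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) return 'deny';
  if (sources.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'unrestricted';
  return sources.every(s => s === "'self'") ? 'same-origin' : 'allowlist';
}

const RANK = ['unrestricted', 'allowlist', 'same-origin', 'deny'];
// headers: object of header name -> string, or array of strings for repeated headers.
function auditFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = [].concat(v);
  let framing = 'unrestricted', source = null;
  const lists = (h['content-security-policy'] || [])
    .flatMap(v => v.split(',')).map(frameAncestors).filter(l => l !== null);
  if (lists.length > 0) {
    // All policies apply, so the strictest decides; X-Frame-Options is then not consulted.
    source = 'csp';
    for (const verdict of lists.map(classify)) {
      if (RANK.indexOf(verdict) > RANK.indexOf(framing)) framing = verdict;
    }
  } else {
    const xfo = (h['x-frame-options'] || []).join(',').trim().toUpperCase();
    // Only DENY and SAMEORIGIN count; obsolete ALLOW-FROM is treated as no protection.
    if (xfo === 'DENY') [framing, source] = ['deny', 'xfo'];
    if (xfo === 'SAMEORIGIN') [framing, source] = ['same-origin', 'xfo'];
  }
  // Cookies sent to cross-site frames, or whose SameSite mode is left to the browser.
  const weakCookies = [];
  for (const cookie of h['set-cookie'] || []) {
    const [pair, ...attrs] = cookie.split(';').map(s => s.trim());
    const attr = attrs.find(a => /^samesite=/i.test(a));
    const mode = attr ? attr.split('=')[1].toLowerCase() : 'unset';
    if (mode !== 'lax' && mode !== 'strict') weakCookies.push(`${pair.split('=')[0]}:${mode}`);
  }
  return { framing, source, weakCookies };
}
// Constructed sample response headers (not from a real site).
console.log(auditFraming({ 'X-Frame-Options': 'ALLOW-FROM https://partner.example',
  'Set-Cookie': ['sid=abc; Secure; SameSite=None', 'theme=dark'] }));
```

A result of `unrestricted`, or any entry in `weakCookies` for a session cookie, means the page can be framed by another site with the user's session attached.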
Recently, a new type of attack has emerged: 'DoubleClickjacking' 😨. Essentially, it exploits the double-click action to trick users into clicking a button of the attacker's choosing. More details in this article: DoubleClickjacking: A New Era of UI Redressing.