This is just a variation of a trick that is as old as the internet. Most old attacks were using timing instead of double-clicking, usually by tricking the user to click on a bouncing monkey to win a price, instead hitting what was behind.
The real question is, how have browser vendors still not learned. Don't allow any clicks the first moments after a focus change.
alt Hacker News
This is just a variation of a trick that is as old as the internet. Most old attacks were using timing instead of double-clicking, usually by tricking the user to click on a bouncing monkey to win a price, instead hitting what was behind.
The real question is, how have browser vendors still not learned. Don't allow any clicks the first moments after a focus change.