Google is known for getting creative on April Fools' Day, but the search giant might have been too clever for its own good this year. That's because a little prank Google played on users could have actually caused big security issues on the site.
On April Fools' Day this year, anyone could visit com.google (instead of the traditional google.com) to see a backwards version of the standard Web page. Normally, Google has parameters in place that would make this kind of thing impossible, but it removed them to play the prank. According to researchers from Netcraft, those parameters are also used to prevent click-jacking attacks.
Click-jacking is a clever hacker tool that places invisible links or buttons over a website's legitimate buttons. So, when you think you are clicking on something like "search" on Google, the hacker fools your browser into taking you to a different website. And you can bet that if a hacker tries to steer you to a different site, it's probably not for a good reason.
By changing its pages to make the backwards April Fools' stunt work, Google could have put users at risk. Follow along for just a bit of technical detail. Google normally uses something called "X-Frame-Options" to lock out other websites from showing anything over the Google page. But for the purpose of the April Fools' joke, Google turned X-Frame-Options off so it could temporarily display the backwards pages over the normal Google pages we are all so familiar with.
Click jackers could take advantage of this vulnerability to trick users into visiting specific pages, like those that are infected with malware.
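As an added example (not code from Google, Netcraft or the original article), the Python sketch below classifies a response's anti-framing protection from its headers, the kind of check that flags a page whose X-Frame-Options header has been removed. It goes slightly beyond the article by also reading the Content-Security-Policy `frame-ancestors` directive, which browsers honour in preference to X-Frame-Options; the function name, verdict labels and sample header sets are constructed for illustration.

```python
# Added example: audit response headers for anti-framing (click-jacking) protection.
# Header names are real; verdict labels and the sample header sets are constructed.
BROAD = {"*", "http:", "https:"}  # frame-ancestors sources that match any site

def framing_policy(headers):
    """Return (verdict, reason) for a list of (name, value) response headers."""
    xfo = set()
    for name, value in headers:
        if name.lower() == "x-frame-options":
            # A header may repeat or carry a comma-separated list of values.
            xfo.update(t.strip().upper() for t in value.split(",") if t.strip())
    # Simplification: the first frame-ancestors directive found decides.
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = {s.lower() for s in parts[1:]}
                if sources & BROAD:
                    return "frameable", "frame-ancestors allows any origin"
                if sources <= {"'none'"}:  # an empty list behaves like 'none'
                    return "protected", "frame-ancestors 'none'"
                return "restricted", "frame-ancestors limits framing to listed origins"
    if not xfo:
        return "frameable", "no X-Frame-Options or frame-ancestors"
    if len(xfo) > 1:
        return "misconfigured", "conflicting X-Frame-Options values"
    value = xfo.pop()
    if value == "DENY":
        return "protected", "X-Frame-Options: DENY"
    if value == "SAMEORIGIN":
        return "restricted", "X-Frame-Options: SAMEORIGIN"
    # ALLOW-FROM and unknown values are ignored by current browsers.
    return "frameable", "X-Frame-Options value %r is not honoured" % value

SAMPLES = {  # constructed header sets, not captured traffic
    "normal page": [("X-Frame-Options", "SAMEORIGIN")],
    "header removed": [("Content-Type", "text/html")],
    "obsolete value": [("x-frame-options", "ALLOW-FROM https://example.test")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", framing_policy(hdrs))
```

Run against a site's real response headers, a "frameable" verdict on a page with clickable actions is the condition the article describes.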