Google is bringing Chrome in line with the likes of Safari and Firefox by introducing a security feature that will help to protect users against tab hijacking, according to TechRadar. A technique known as tab-nabbing is used in various attacks, including phishing campaigns that redirect victims to malicious sites, but it can be avoided if websites are coded in a particular way. With Chrome 88, Google is taking steps to offer protection against a particular variant of this threat: an exploit that takes advantage of the fact that when a link is opened in a new tab using the attribute target="_blank", the new tab retains access to the original page. If a website uses the rel="noopener" attribute, this exploit is stopped in its tracks, but not all sites do this, especially older ones that are no longer being maintained. Google is finally going to start automatically using rel="noopener" for any newly opened tab, just as already happens in Firefox and Safari. It's not clear quite why it has taken Google so long to catch up with other browsers; Mozilla and Apple introduced measures to counter tab-nabbing way back in 2018.

Experts Comments

November 13, 2020
Jake Moore
Cybersecurity Specialist
ESET
Tabnabbing is a rare but possible phishing technique in which malicious actors can take advantage of open, inactive browser tabs and change the URL. This, in turn, could lead to credentials being stolen if the victim is unaware of the page they are on. It is vital to keep your browser auto-updated, check all URLs, and stay aware of new vulnerabilities that cybercriminals are constantly trying to exploit.