Google is bringing Chrome in line with the likes of Safari and Firefox by introducing a security feature that will help to protect users against tab hijacking, according to TechRadar. A technique known as tab-nabbing is used in various attacks, including phishing campaigns that redirect victims to malicious sites, but it can be avoided if websites are coded in a particular way. With Chrome 88, Google is taking steps to offer protection against a particular variant of this threat – an exploit takes advantage of the fact that when a link is opened in a new tab using the attribute target=_blank, the new tabs retains access to the original page. If a website uses the rel=”noopener” attribute, this exploit is stopped in its tracks, but not all sites do this – especially older ones that are no longer being maintained. Google is finally going to start automatically using rel=”noopener” for any newly opened tab, just as already happens in Firefox and Safari. It’s not clear quite why it has taken Google so long to catch up with other browser; Mozilla and Apple introduced measures to counter tab-nabbing way back in 2018.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Jake Moore
Jake Moore , Cybersecurity Specialist
InfoSec Expert
November 13, 2020 1:04 pm

Tabnabbing is a rare but possible phishing technique in which malicious actors can take advantage of open, inactive browser tabs and change the URL. This, in turn, could lead to credentials being stolen if the victim is unaware of the page they are on. It is vital to keep your browser auto-updated, check all URLs, and stay aware of new vulnerabilities that cybercriminals are constantly trying to exploit.

Last edited 1 year ago by Jake Moore
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x