Google is bringing Chrome in line with the likes of Safari and Firefox by introducing a security feature that will help to protect users against tab hijacking, according to TechRadar. A technique known as tab-nabbing is used in various attacks, including phishing campaigns that redirect victims to malicious sites, but it can be avoided if websites are coded in a particular way. With Chrome 88, Google is taking steps to offer protection against a particular variant of this threat – an exploit takes advantage of the fact that when a link is opened in a new tab using the attribute target=_blank, the new tabs retains access to the original page. If a website uses the rel=”noopener” attribute, this exploit is stopped in its tracks, but not all sites do this – especially older ones that are no longer being maintained. Google is finally going to start automatically using rel=”noopener” for any newly opened tab, just as already happens in Firefox and Safari. It’s not clear quite why it has taken Google so long to catch up with other browser; Mozilla and Apple introduced measures to counter tab-nabbing way back in 2018.
Experts Comments
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"It is vital to keep your browser auto-updated, check all URLs...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/what-expert-says-on-chrome-adding-anti-hijacking-feature
Facebook Message
@Jake Moore, Cybersecurity Specialist, provides expert commentary at @Information Security Buzz.
"It is vital to keep your browser auto-updated, check all URLs...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/what-expert-says-on-chrome-adding-anti-hijacking-feature