Google is bringing Chrome in line with the likes of Safari and Firefox by introducing a security feature that will help to protect users against tab hijacking, according to TechRadar. A technique known as tab-nabbing is used in various attacks, including phishing campaigns that redirect victims to malicious sites, but it can be avoided if websites are coded in a particular way. With Chrome 88, Google is taking steps to offer protection against a particular variant of this threat – an exploit takes advantage of the fact that when a link is opened in a new tab using the attribute target=_blank, the new tabs retains access to the original page. If a website uses the rel=”noopener” attribute, this exploit is stopped in its tracks, but not all sites do this – especially older ones that are no longer being maintained. Google is finally going to start automatically using rel=”noopener” for any newly opened tab, just as already happens in Firefox and Safari. It’s not clear quite why it has taken Google so long to catch up with other browser; Mozilla and Apple introduced measures to counter tab-nabbing way back in 2018.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
