Google Chrome to Get New Feature That Will Prevent ‘Tab-Napping’ Attacks Next Year

Google Chrome is said to be getting a new feature that makes pages that open in a new tab safer. According to a report, the vulnerability Google is fixing is a kind of ‘tab-napping,’ where a new page will open in a new tab, and the original page will be redirected to a malicious website. Here, the new page opened in a new tab will be a legitimate page, but the original page will redirect to a malicious link. The report said that the security issue allows newly-opened pages to utilise JavaScript to redirect the original page to a different URL, which could be a malicious link.

In order to prevent tab-napping, a new attribute called rel=”noopener” has been created that stops the newly-opened tabs from using JavaScript to redirect the page. The report also said that the same feature was added to chromium last week, which means all Chromium-based web browsers will be getting the new attribute. Microsoft Edge developer Eric Lawrence was quoted by the BlepingComputer report as saying that, “in order to mitigate ‘tab-napping’ attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if |rel=”noopener”| is set. A page wishing to opt out of this behavior may set |rel=”opener”|.”

The report said that the new feature has been added to Chrome Canary – the web browser’s experimental version for developers, and will be rolled out to the stable version by January next year.

Source link