Google Chrome Will Get New Feature to Stop JavaScript Based ‘Tab-Napping’ Attacks: Report

Google Chrome Canary, the version of Chrome for developers, already got this feature.

By Vineet Washington | Updated: 10 November 2020 17:22 IST

Google Chrome is said to get this feature in January next year

Highlights

Google Chrome will become more secure when opening links in new tabs
Google Chrome will get ‘tab-napping’ prevention in January 2021
The feature has already made its way to Chrome Canary

Google Chrome is getting a new feature that improves security for pages that open in a new tab, says a report. The vulnerability Google is fixing, is a kind of ‘tab-napping' where a page would be opened in legitimate tab, and your original page would be redirected. The new page would open a legitimate page, but the page you left would still be accessible and would redirect to a malicious page that could harm your computer or be used to phish you for passwords or payment information.

A report by Bleeping Computer states that to prevent ‘tab-napping', a new attribute called rel=”noopener” has been created that stops the newly opened tab from using JavaScript, preventing it from further redirecting user to a different URL.

As per the report, a note by Microsoft Edge developer Eric Lawrence states, “To mitigate ‘tab-napping' attacks, in which a new tab/ window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target_blank should behave as if |rel=”noopener”| is set. A page wishing to opt out of this behavior may set |rel=”opener”|.”

The report adds that this feature has been added to Chrome Canary — Chrome's experimental model primarily for developers — and will make its way to the stable public version by January next year.

Back in 2018, Apple and Mozilla made some changes to Safari and Firefox to make links more secure, according to the report. It added a function that automatically added the ‘noopener' attribute to links that had target=”_blank” in them. Here, the browser automatically secured the URLs that don't have ‘noopener' attribute in them.

Last week, Eric Lawrence brought this feature to Chromium which means that it will be added to Microsoft Edge, Google Chrome, Brave, and other Chromium-based browsers.

Which is the best TV under Rs. 25,000? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.