Google Chrome Will Get New Feature to Stop JavaScript Based ‘Tab-Napping’ Attacks: Report

0

Google Chrome is getting a new feature that improves security for pages that open in a new tab, says a report. The vulnerability Google is fixing, is a kind of ‘tab-napping’ where a page would be opened in legitimate tab, and your original page would be redirected. The new page would open a legitimate page, but the page you left would still be accessible and would redirect to a malicious page that could harm your computer or be used to phish you for passwords or payment information.

A report by Bleeping Computer states that to prevent ‘tab-napping’, a new attribute called rel=”noopener” has been created that stops the newly opened tab from using JavaScript, preventing it from further redirecting user to a different URL.

As per the report, a note by Microsoft Edge developer Eric Lawrence states, “To mitigate ‘tab-napping’ attacks, in which a new tab/ window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target_blank should behave as if |rel=”noopener”| is set. A page wishing to opt out of this behavior may set |rel=”opener”|.”

The report adds that this feature has been added to Chrome Canary — Chrome’s experimental model primarily for developers — and will make its way to the stable public version by January next year.

Back in 2018, Apple and Mozilla made some changes to Safari and Firefox to make links more secure, according to the report. It added a function that automatically added the ‘noopener’ attribute to links that had target=”_blank” in them. Here, the browser automatically secured the URLs that don’t have ‘noopener’ attribute in them.

Last week, Eric Lawrence brought this feature to Chromium which means that it will be added to Microsoft Edge, Google Chrome, Brave, and other Chromium-based browsers.


Which is the best TV under Rs. 25,000? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.

 

FOLLOW us ON GOOGLE NEWS

 

Source

Get real time updates directly on you device, subscribe now.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More