(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Google will add a new security to Chrome that will make opening pages in a new tab safer.
The vulnerability Google is fixing is called ‘tab-nabbing’, which is a type of web attack where newly opened tabs can hijack the original tab from where they were opened.
While tab-nabbing is a broad class of hijack attacks, Google is addressing a particular issue.
This refers to a situation when a user clicks on a link and that link opens in a new tab. The new tabs that have access to the original page can be exploited by running a Java script function that will modify the original page.
The new page opened on the new tab will be a legitimate page, however, the original page that the user left will be redirected to a malicious page. This could be used to launch a phishing attack and steal personal and payment information of the user.
To address this threat, browser-makers like Apple, Google, and Mozilla created rel=”nooper” attribute. Security researchers over the years have asked website owners to add the attribute to block tab-nabbing attacks.
Apple and Mozilla in 2018, integrated the attribute to automatically add it in Safari and Firefox respectively.
The new feature will roll out with Chrome 88, which is scheduled to release in January 2021.
Google will add the new tab-nabbing protection to other Chromium-based browsers as well, including Edge, Opera, Vivaldi and Brave.