Security News > 2020 > November > Google Chrome to block JavaScript redirects on web page URL clicks
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.
This attribute has a known security issue that allows the newly opened page to utilize javascript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.
In that case, the new page can use JavaScript to redirect our article to a phishing page asking for BleepingComputer credentials.
To prevent this from happening, a rel="Noopener" HTML link attribute was created that prevents a new tab from using JavaScript to redirect the page.
A page wishing to opt out of this behavior may set |rel="opener"|," Lawrence stated in a commit to the Chromium browser.
News URL
Related news
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google Chrome disables uBlock Origin for some in Manifest v3 rollout (source)
- Google Cuts Off uBlock Origin on Chrome as Firefox Stands Firm on Ad Blockers (source)
- Google fixes Chrome zero-day exploited in espionage campaign (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)