Security News > 2020 > November > Google Chrome to block JavaScript redirects on web page URL clicks
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.
This attribute has a known security issue that allows the newly opened page to utilize javascript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.
In that case, the new page can use JavaScript to redirect our article to a phishing page asking for BleepingComputer credentials.
To prevent this from happening, a rel="Noopener" HTML link attribute was created that prevents a new tab from using JavaScript to redirect the page.
A page wishing to opt out of this behavior may set |rel="opener"|," Lawrence stated in a commit to the Chromium browser.
News URL
Related news
- Google Chrome’s AI feature lets you quickly check website trustworthiness (source)
- Google Chrome uses AI to analyze pages in new scam detection feature (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)
- Google says new scam protection feature in Chrome uses AI (source)