Security News > 2020 > November > Google Chrome to block JavaScript redirects on web page URL clicks
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.
This attribute has a known security issue that allows the newly opened page to utilize javascript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.
In that case, the new page can use JavaScript to redirect our article to a phishing page asking for BleepingComputer credentials.
To prevent this from happening, a rel="Noopener" HTML link attribute was created that prevents a new tab from using JavaScript to redirect the page.
A page wishing to opt out of this behavior may set |rel="opener"|," Lawrence stated in a commit to the Chromium browser.
News URL
Related news
- New details reveal how hackers hijacked 35 Google Chrome extensions (source)
- Google Chrome is making it easier to share specific parts of long PDFs (source)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)
- Google launches customizable Web Store for Enterprise extensions (source)
- Google to kill Chrome Sync on older Chrome browser versions (source)