Security News > 2020 > November > Google Chrome to block JavaScript redirects on web page URL clicks
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.
This attribute has a known security issue that allows the newly opened page to utilize javascript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.
In that case, the new page can use JavaScript to redirect our article to a phishing page asking for BleepingComputer credentials.
To prevent this from happening, a rel="Noopener" HTML link attribute was created that prevents a new tab from using JavaScript to redirect the page.
A page wishing to opt out of this behavior may set |rel="opener"|," Lawrence stated in a commit to the Chromium browser.
News URL
Related news
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)