Security News > 2020 > November > Google Chrome to block JavaScript redirects on web page URL clicks
Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab.
This attribute has a known security issue that allows the newly opened page to utilize javascript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.
In that case, the new page can use JavaScript to redirect our article to a phishing page asking for BleepingComputer credentials.
To prevent this from happening, a rel="Noopener" HTML link attribute was created that prevents a new tab from using JavaScript to redirect the page.
A page wishing to opt out of this behavior may set |rel="opener"|," Lawrence stated in a commit to the Chromium browser.
News URL
Related news
- Google Chrome Beta Tests New DBSC Protection Against Cookie-Stealing Attacks (source)
- Google Chrome Adds V8 Sandbox - A New Defense Against Browser Attacks (source)
- Google Chrome: Security and UI Tips You Need to Know (source)
- Google Chrome's new post-quantum cryptography may break TLS connections (source)
- Google Chrome is getting native support for YouTube-like video chapters (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google agrees to delete Chrome browsing data of 136 million users (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem (source)