Google Chrome to Get New Feature That Will Prevent 'Tab-Napping' Attacks Next Year

Google Chrome.

Google Chrome.

The new attribute has been added to Chrome Canary, and will be rolled out for the standard version by January next year.

Google Chrome is said to be getting a new feature that makes pages that open in a new tab safer. According to a report, the vulnerability Google is fixing is a kind of 'tab-napping,' where a new page will open in a new tab, and the original page will be redirected to a malicious website. Here, the new page opened in a new tab will be a legitimate page, but the original page will redirect to a malicious link. The report said that the security issue allows newly-opened pages to utilise JavaScript to redirect the original page to a different URL, which could be a malicious link.

In order to prevent tab-napping, a new attribute called rel="noopener" has been created that stops the newly-opened tabs from using JavaScript to redirect the page. The report also said that the same feature was added to chromium last week, which means all Chromium-based web browsers will be getting the new attribute. Microsoft Edge developer Eric Lawrence was quoted by the BlepingComputer report as saying that, "in order to mitigate 'tab-napping' attacks, in which a new tab/window opened by a victim context may navigate that opener context, the HTML standard changed to specify that anchors that target _blank should behave as if |rel="noopener"| is set. A page wishing to opt out of this behavior may set |rel="opener"|."

The report said that the new feature has been added to Chrome Canary - the web browser's experimental version for developers, and will be rolled out to the stable version by January next year.

Next Story