Chrome to block tab-nabbing attacks
Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened.
The new feature is scheduled to go live with Chrome 88, to be released in January 2021.
This scenario refers to situations when users click on a link, and the link opens in a new tab (via the “target=_blank” attribute).
For the past few years, security researchers and top web developers have constantly advocated that website owners add the rel=”noopener” to all the links where they also used the “target=_blank” attribute as a way to block tab-nabbing attacks [1, 2].
However, most of today’s websites end up abandoned, or website owners don’t have the time to keep up with the latest trends in web development and web security.
With Chrome 88, Google will be catching up with the two other major browser makers. Besides adding this feature in Chrome, the new tab-nabbing protection will also go be added to all the other Chromium-based browsers, such as Edge, Opera, Vivaldi, and Brave.