Google Chrome gets a new feature that increases security when clicking on links from web pages that open URLs in a new window or tab.
When inserting links into an HTML page, authors can include the
target="_blank" attribute that tells the browser to open the link in a new tab when clicked.
Make _blank attributes automatically use noopener
In 2018, to strengthen security, Apple made a change in Safari which processes all HTML links that use target = “_ blank” to automatically imply the noopener attribute as well. With this feature enabled, even if a website does not use rel = “nooopener” on its URLs, the browser will still secure them.
Last week Microsoft Edge developer Eric Lawrence added this same functionality at Chromium, which means it will also be integrated with Microsoft Edge, Google Chrome, Brave, and other Chromium-based browsers.
“To mitigate” tab-napping “attacks, in which a new tab / window opened by a victim context can navigate that open context, the HTML standard has changed to specify that anchors that target _blank should behave like if | rel = “noopener” | is set. A page wishing to disable this behavior can set | rel = “opener” | “, Lawrence said in an engagement in the Chromium browser.
This feature is currently enabled in Chrome Canary and is expected to be released with Chrome 88 in January 2021.