Skip to main content

Chrome is finally getting a much-needed anti-hijacking feature

Google Chrome
(Image credit: Shutterstpck)

Google is bringing Chrome in line with the likes of Safari and Firefox by introducing a security feature that will help to protect users against tab hijacking.

A technique known as tab-nabbing is used in various attacks, including phishing campaigns that redirect victims to malicious sites. With Chrome 88 Google is taking steps to offer protection against a particular variant of this threat.

Tab-nabbing can be avoided if websites are coded in a particular way. The exploit takes advantage of the fact that when a links is opened in a new tab using the attribute target=_blank, the new tabs retains access to the original page.

More than this, the window.opener JavaScript function can be used to redirect push people to malicious site by modifying the original page. If a website uses the rel="noopener" attribute, this exploit is stopped in its tracks, but not all sites do this – especially older ones that are no longer being maintained.

Tab lockdown

Google is finally going to start automatically using rel="noopener" for any newly opened tab, just as already happens in Firefox and Safari. It's not clear quite why it has taken Google so long to catch up with other browser; Mozilla and Apple introduced measures to counter tab-nabbing way back in 2018.

The security update is due for inclusion in Chrome 88 which is set for release in January 2021. The same feature will also be making its way to other Chromium-based web browsers such as Edge and Opera, but exact release dates are not yet known.

Via ZDNet