• Skip to primary navigation
  • Skip to main content

Chrome Unboxed - The Latest Chrome OS News

A Space for All Things Chrome, Google, and More!

  • News
  • Reviews
  • Unboxing
  • Chromebooks
  • Upcoming
  • Deals
  • Tips
  • Podcast
  • Home
  • Gaming
  • SEARCH
You are here: Home / Chrome / Google Chrome will soon block JavaScript redirects when clicking web links
Google Chrome will soon block JavaScript redirects when clicking web links

Google Chrome will soon block JavaScript redirects when clicking web links

November 16, 2020 By Michael Perrigo Leave a Comment

An update to the Chrome browser will soon introduce increased security when clicking on web page links. Normally, when a web developer inserts a link into a page, they can add the attribute target="_blank" to force the link to open in a new tab or window. It can be a convenient way to link their readers to external content without driving them away from their website, but it also provides an opportunity for threat actors to redirected Chrome users to potentially malicious URLs.

When clicked, the user’s traffic could be manipulated by hackers using JavaScript to bring them to a page that automatically downloads a malicious file to their computer or to a phishing site that imitates an official source in hopes that they will input their credentials. This is often-times referred to as “tab-napping” and can lead to some pretty serious consequences for those who aren’t sure what to look out for. The new update to Chrome will instead force target="_blank" to behave as rel="noopener" by default. Noopener is an attribute that was created several years ago and was implemented by Apple and Microsoft in their browsers to prevent users from secretly being taken advantage of. While Chrome web devs could hand-code this into their links all along, it’s never been automated on their behalf until now.

If you’re a regular Chrome user, this simply means that you will passively benefit from an important and welcome security enhancement that will be mostly invisible during your day to day browsing. The feature is already live in Chrome Canary, but everyone else will have to wait until Chrome 88 drops in January. Developers who wish to opt-out of using the automatic “noopener” can specify |rel="opener"| for their links instead.

Chrome bug report about noopener
Monorail
Get Alerted About New Posts On
Your Schedule
Sign Up For The Official Chrome Unboxed Newsletter
Latest Posts
  • Enterprise and G Suite for Education are dead. Long live Google Workspace for Education
  • Youtube TV is adding 4K streaming, additional screens, and more for a cost
  • Samsung Galaxy Chromebook 2 gets unboxed…by Samsung [VIDEO]
  • Icon surfaces for upcoming Chrome OS screen mirroring tool ‘Eche’

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Filed Under: Chrome, Chrome OS, New & Upcoming Features, News

About Michael Perrigo

Think. Tinker. Dominate. Game developer and author. Must learn something new every day. I have a passion for the mobile games industry and where it's headed. I enjoy working out and eating delicious food to counteract my progress.

TWITTER | FACEBOOK | INSTAGRAM | YOUTUBE | EMAIL | ABOUT

Copyright © 2021 · Chrome Unboxed · Chrome is a registered trademark of Google Inc.
We are participants in various affiliate advertising programs designed to provide a means for us to earn fees by linking to affiliated sites.

GET EMAIL UPDATES

Privacy Policy

  • Reviews
  • Editorial
  • About