An update to the Chrome browser will soon introduce increased security when clicking on web page links. Normally, when a web developer inserts a link into a page, they can add the attribute
target="_blank" to force the link to open in a new tab or window. It can be a convenient way to link their readers to external content without driving them away from their website, but it also provides an opportunity for threat actors to redirected Chrome users to potentially malicious URLs.
target="_blank" to behave as
rel="noopener" by default. Noopener is an attribute that was created several years ago and was implemented by Apple and Microsoft in their browsers to prevent users from secretly being taken advantage of. While Chrome web devs could hand-code this into their links all along, it’s never been automated on their behalf until now.
If you’re a regular Chrome user, this simply means that you will passively benefit from an important and welcome security enhancement that will be mostly invisible during your day to day browsing. The feature is already live in Chrome Canary, but everyone else will have to wait until Chrome 88 drops in January. Developers who wish to opt-out of using the automatic “noopener” can specify
|rel="opener"| for their links instead.