Chrome 65 and the target='_blank' vulnerability

In a blog post about new user protection features coming to future versions of Chrome, Ryan Schoen mentions this update, scheduled for Chrome 65, which should prevent the target='_blank' vulnerability known as “tabnabbing”:

“When the user interacts with content, things can also go wrong. One example that causes user frustration is when clicking a link opens the desired destination in a new tab, while the main window navigates to a different, unwanted page. Starting in Chrome 65 we’ll also detect this behavior, trigger an infobar, and prevent the main tab from being redirected. This allows the user to continue directly to their intended destination, while also preserving the context of the page they came from.”

If you’re unfamiliar with tabnabbing, a non-malicious demo, along with recommendations on how to prevent the attack, can be found here; here’s a nice, concise write-up about the attack too.
