The target="_blank" attribute in HTML, used everywhere from Facebook to Google, is
susceptible to a massive phishing vulnerability.
When a link uses this attribute, the developers or hackers who control the newly opened page gain access to the page that opened it through the window.opener object. This allows malicious users to access window.opener.location, etc. This also works
Say I have a link on my Facebook page pointing back to my website.
This essentially gives me control over aspects of the referring page; in this case, the referring page is none other than Facebook.
rel='noopener' for Chrome, Safari, Opera, IE.
rel='noopener noreferrer' for Firefox.
This can actually lead to more than just phishing attacks, which is not to say that changing the URL of your banking site without you knowing, in order to gain access to your login credentials, isn't bad!
Since I now have access to the window.opener object, I have partial access to what was on the referring page, allowing me to gather more information about the user who clicked through to the link, and perhaps steal some valuable information from you if I'm good enough!
So far, this issue has been spotted on Facebook, Twitter, Instagram, and Google, all of which are heavy targets for phishing and privacy concerns.
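One way to apply the rel values listed above across a page's markup, as an added example that is not code from the original post: it scans an HTML string for links with target="_blank" and adds whichever of noopener and noreferrer is missing. The function names and sample links are constructed for illustration, and the regex matching assumes attribute values contain no ">" character.

```javascript
// Added example: audit and harden target="_blank" links in an HTML string.
// Regex-based, meant for templates and static markup, not a full HTML parser.
const REQUIRED = ['noopener', 'noreferrer']; // covers both rel forms listed above
const ATTR_VALUE = `(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`;

// Return the value of one attribute from an opening tag, or null if absent.
function getAttr(tag, name) {
  const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*${ATTR_VALUE}`, 'i'));
  return m ? (m[1] || m[2] || m[3] || '') : null;
}

// Add the missing rel tokens to a single <a ...> opening tag.
function hardenTag(tag) {
  const target = getAttr(tag, 'target');
  if (target === null || target.toLowerCase() !== '_blank') return tag;
  const rel = getAttr(tag, 'rel');
  const tokens = rel === null ? [] : rel.split(/\s+/).filter(Boolean);
  const have = new Set(tokens.map((t) => t.toLowerCase()));
  const missing = REQUIRED.filter((t) => !have.has(t));
  if (missing.length === 0) return tag; // already hardened
  const relAttr = ` rel="${[...tokens, ...missing].join(' ')}"`;
  return rel === null
    ? tag.replace(/\s*>$/, () => `${relAttr}>`)
    : tag.replace(new RegExp(`\\srel\\s*=\\s*${ATTR_VALUE}`, 'i'), () => relAttr);
}

// Scan every anchor tag; report the ones that needed a fix and return fixed HTML.
function auditHtml(html) {
  const findings = [];
  const output = html.replace(/<a\s[^>]*>/gi, (tag) => {
    const fixed = hardenTag(tag);
    if (fixed !== tag) findings.push(tag);
    return fixed;
  });
  return { findings, output };
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">unsafe</a>',
  '<a href="https://example.com/b" target="_blank" rel="noopener">partial</a>',
  "<a href='https://example.com/c' target=_blank rel='noopener noreferrer'>safe</a>",
  '<a href="/local">same tab</a>',
].join('\n');

const report = auditHtml(SAMPLE);
console.log(`${report.findings.length} link(s) hardened`);
console.log(report.output);
```

Running the audit a second time over its own output reports no findings, so it is safe to wire into a build step.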