📚 Adding target="_blank" to Your Links Opens the Door for Phishing Attacks
💡 Newskategorie: IT Security Nachrichten
🔗 Quelle: news.softpedia.com
Some major Internet services are exposing their users to phishing attacks by using the target="_blank" attribute inside links in an unsafe manner. There have been numerous reports in the past about the dangers of using the target="_blank" attribute, dating back to as far as 2014, and some even with attention-grabbing titles such as Target="_blank" - the most underestimated vulnerability ever. The "reverse tabnabbinb" attack The concept behind this flaw is that when users click on a link on a website that uses the target="_blank" attribute, the browser opens a new tab for the link, but also, for a very brief moment, allows the new tab to communicate with the original tab using a browser feature called the window.opener API. An attacker can place malicious ... ...