Tabnapping Vulnerability in Edge Browser [Unpatched]
Hello Friends,
Recently, I found a bug in Edge browser which allows hackers to perform TabNapping attack because the browser doesn't support rel="noopener" tag.
If you don't know about tabnabbing or tabnapping, then visit this
https://www.hackerinside.me/2018/09/what-is-tabnabbing-and-tabnapping.html
PoC:
Open Edge browser and visit this post
[https://www.hackerinside.me/2019/01/tabnapping-vulnerability-in-edge.html]
Next, click on the link given below
[https://whitehatpentesting.000webhostapp.com/tabnabbing.html]
Your previous tab will be redirected to evil.com which proves the vulnerability.
You can also check this on Chrome and Firefox.
Prevention:
To prevent this, developer should use the complete tag ie rel="nofollow noopener noreferrer".
Hope Microsoft will fix this bug and other bugs in Future.
Comments
Post a Comment