Any website that uses target="_blank" on their links, allows user generated content and doesn't use the rel="noopener" attribute on their links (I'm looking at you Facebook, Twitter etc.
) is vulnerable to a scarily simple phishing attack.
For an example of this kind of attack, view this example that I've made: https://jamiefarrelly.
io/Rel-NoOpener-Example/ This Chrome extension is as simple as it gets, all it does is add "noopener noreferrer" to the rel attribute on all links on the pages that you're visiting so that you won't fall victim to this type of phishing attack.
Open source on Github https://github.
- Offered by Jamie Farrelly
- Average rating : 4.8 stars (loved it)
No Opener, No Phishers web extension integrated with the OffiDocs Chromium online