Target="_blank" - the most underestimated vulnerability ever by Alex Yumashev · Updated Aug 25 2021 People using target='_blank' links usually have no idea about this curious fact: The linked page gains partial access to the linking page via the window.opener object. The newly opened tab can then change the window.opener.location to some phishing page. Users trust the page that is already opened,