Security researcher Mariusz Mlynski reported that when a
page opens a new tab, a subsequent window can then be opened that can be
navigated to about:newtab
, a chrome privileged page. Once
about:newtab
is loaded, the special context can potentially be used
to escalate privilege, allowing for arbitrary code execution on the local system
in a maliciously crafted attack.