Developers have been frequently using this attribute to open a new webpage. But this attribute, though looks pretty simple, can create a major security threat to your application.
To prevent pages from misusing window.opener property, we use rel="noopener". This ensures that window.opener is assigned to NULL. This works in Chrome 49 and above, Opera 36 and above, Firefox 52 and above, Desktop Safari 10.1+ and iOS Safari 10.3+. Though for older browsers, rel="noreferrer" works pretty fine. So, as a combination, we can use rel="noopener noreferrer" attribute.
Also, remember, whenever we open a new window using window.open() property, we’re also vulnerable to this, so, its always advisable to reset the "opener" property.