Edit: My purpose was to confirm the bug has been "known" for awhile, not to take away credit for you reporting the bug years ago. Congrats for independently discovering it before many people (such as myself) became aware of it.
Well there you go, although I submitted it trough a different channel.
For sure, I think its a very important bug that hasn't had much attention for years now, especially since so many websites use _blank, GMail being one of them.
I get that linking from a "trusted site" to a "not trusted site" is probably of greater concern. But, this `noopener` does nothing to address a similar attack demonstrated here: http://lcamtuf.coredump.cx/switch/.
https://bugs.chromium.org/p/chromium/issues/detail?id=168988
which links to another issue from 2012.
Edit: My purpose was to confirm the bug has been "known" for awhile, not to take away credit for you reporting the bug years ago. Congrats for independently discovering it before many people (such as myself) became aware of it.