Opened windows through normal hrefs with target="_blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin.
While this doesn't allow script execution, it does allow phishing attacks that silently replace the parent tab.
If the links lack of rel="noopener noreferrer" attribute, third party site can change the URL of source tab using window.opener.location.assign and trick the user as if he is still in a trusted page and lead him to enter his secret information or credentials to this malicious copy.
To prevent pages from abusing window.opener, use rel=noopener. This ensures window.opener is null in Chrome 49 and Opera 36.
For older browsers and in Firefox, you could use rel=noreferrer which also disables the Referer HTTP header.
<a href="..." target="_blank" rel="noopener noreferrer">...</a>