Safari now suffers from new exploit allowing malicious website to render arbitrary webpage and extract information out of it.
As of now, there is a workaround requiring access to developer menu on macOS.
Paste the following command in Terminal:
defaults write com.apple.Safari IncludeInternalDebugMenu 1
Open Safari and select "Debug" from the menu bar, select "WebKit Internal Features" then Scroll down and click "Swap Processes on Cross-Site Window Open"AppleInsider
It is expected that this vulnerability will be fixed by Apple in upcoming software updates.