I got the answer to my Question
Validate Antiforgery Token compares cookie value with the _requestVerificationToken hidden value. So when a html which has _requestVerificationToken hidden field(copied from application) value in a new tab is opened, on submit of this page it passes ValidateAntiforgery validation because cookie value is same for both the tabs.