Ryan Schoen, PM of Google Chrome, tells in a post what are the security tools that will be introduced for Google Chrome Security
Ryan Schoen, Product Manager of Google Chrome, said in a post how to improve Google Chrome Security, what are the new security tools that will be introduced soon.
Google Chrome security: the new tools
One of the advantages of the Web that allows developers to realize all the experiences they can imagine, and this has given birth to the rich variety of content available online. Although most of those who create content interested in providing quality experiences to users, we have found that a limited number of them use the flexibility and power of the Web to take advantage of users and redirect them to destinations other than those desired. Among the feedback we receive from Chrome on the desktop, 1 in 5 says he came across some kind of unwanted content; this is information that we value when we evaluate how to improve Chrome.
After features such as the popup blocker and the automatic reproduction protections on Chrome, in the next updates we will include three new protections designed to give users everything the Web has to offer, without many of these unwanted behaviors.
The problem of redirecting on Google Chrome
Recurring user feedback indicates that from one page another unexpectedly opens, apparently without reason. We found that this redirection often generated by third-party content embedded in the page, and that the author of the page did not want this to happen at all. To solve the problem, in Chrome 64 all redirects from third-party iframes will show an information bar instead of starting redirection, unless the user has interacted with that frame. In this way, the user will remain on the page he was viewing and we will avoid surprise redirects.
An example of a redirect blocked on a fictitious site. The iframes embedded in the site are attempting to open an unwanted destination, but Chrome prevents redirection and shows an information bar.
The most common violations on Google Chrome
Even when the user interacts with the content, something can go wrong, for example when, by clicking on a link, the desired destination opens in a new tab, but the main window opens a different and unwanted page. This in effect is a way to circumvent Chrome's popup blocker, one of the users' favorite features. Starting from Chrome 65 we will detect this behavior, which will bring up an information bar and prevent the main window from proceeding with redirection. In this way the user will go directly to the desired destination, keeping the contents of the starting page. Finally, there are many other types of serious violations that lead users to unwanted destinations, but are difficult to detect automatically. These include links to third-party websites hidden in playback buttons or other commands, or transparent overlays on websites that capture all clicks and open new tabs or windows.
Here are two types of serious violations in which a command on the site appears to do one thing, but once clicked it behaves differently. One looks like a play button on a video but sends the user on an unwanted download.
The other looks like a close button but instead opens unwanted popup windows.
Exactly as Google Safe Browsing protects users from malicious content, so in January Chrome's pop-up blocker prevented sites with these types of serious violations from opening new tabs or windows. To help site owners prepare for this change, today in the Google Search Console we also launch the Abusive Experiences Report, as well as other similar reports. Site owners can use the report to check if these violations are detected on their site, and to improve the user experience accordingly. Serious violations not resolved within 30 days will trigger blocking of new windows and tabs.
On the whole, we hope that these protections will improve users' browsing experience, allowing, however, access to everything the Web has to offer.