Google Chrome introduces new security measures against malvertising
Google Chrome will boast new anti-malvertising security features in new versions of the browser to be released in 2018.
The Chrome security team announced the changes on Thursday in a post singling out offenders who “use the flexibility and power of the web to take advantage of users and redirect them to unintended destinations.”
The new defenses aim to block users from being redirected to URLs without the consent of either the user or website owner. Forced redirects are a common tactics of malvertisers in efforts to make money and possibly infect victims with malware. The new features are considered follow ups to Chrome’s pop-up blocker and autoplay protections in that they protect users against “unwanted content” that may be either technically dangerous or merely incredibly annoying.
Chrome 64, due in January 2018 will block URL redirections triggered by iframes that are almost always used by malicious advertising. Users will stay on the page they were reading unless they were directly interacting with the frame.
Chrome 64 is also taking action against deceptive UI such as malicious or advertising links disguised as play buttons and other overlays designed to capture clicks without consent. Describing the practice as “abusive,” Chrome’s security team directs site owners to prepare for this change with the Abusive Experiences Report.
Chrome 65, due in March 2018, will block a circumvention of Chrome’s pop-up blocker known as “tab-unders.” First reported by Bleeping Computer last month, the new defense will prevent the practice of having a clicked link open both the desired destination as well as a different and often malicious page in the original main window.
All three behaviors will be blocked by default and then trigger info bars to alert users in much the same way that Chrome’s pop-up blocker works today.