When you’re browsing the web, there’s little that’s more annoying than clicking on what you think is a video and finding out that it was actually just an image with a link to a dubious site. Or what about those links that actually take you to your destination in a new window but then quickly navigate your original site to some ad for male enhancement pills? And then there’s still the garden variety site that just redirects you to a new page for no apparent reason.
With the arrival of Chrome 65 in its pre-release channels today, Google plans to fix these issues, which tend to pop up on sites that are often already a bit dubious to begin with. Think torrent directories and tube sites.
“One of the things we love about the web is that it gives developers a really rich set of content. That’s what sets the platform apart,” Google director of product management Ben Galbraith told me when I asked him about the reasoning for these changes. “In general, that leads to a number of really great experiences — but some folks abuse this power.”
So in Chrome 65, when a page tries to redirect you by abusing the power of iframes, Chrome will pop up an infobar but won’t take you to the new site automatically. The Chrome team tells me that there are some legitimate use cases for making iframes redirect a page, including some payment flows. But Google will only block redirects from iframes that a user hasn’t interacted with, so this shouldn’t really be an issues for legitimate sites.
For links that do take you to your expected destination in a new window or tab but then quietly redirect the originating site to something else, Chrome will now also prevent the redirect and pop up an infobar.
The most interesting tech here, though, is Chrome’s upcoming ability to figure out that a play button, some transparent site control or some other item on a page is really just a link to a malicious site. This feature will only start rolling out in January, though. Chrome group product manager Alex Komoroske tells me that this works similar to how Google Safe Browsing protects users from malicious links already, though he didn’t want to delve into the technical details of how exactly this new feature will work.
As the Chrome team stressed, the general idea here is to look out of for users while working with the ecosystem to ensure that none of these changes break legitimate use cases.
The Chrome team argues that this is also why it took a while to bring these features to Chrome. None of these issues are all that new, after all, or exploit any features that weren’t already available for years. But to do this in the right way — and to get it right without breaking too many existing sites — simply took a while. Either way, these features are here now if you are brave enough to try a pre-release version of Chrome. Once installed, all you need to do is find a really sketchy site to give these new features a try. Best of luck.
