Google Chrome will include new features to fight malvertising

by Lucia Danes - -

Google adds three new security features to Chrome

Google Chrome will include new features to fight malvertising

The technology company Google introduced three security updates[1] to Chrome web browser that will roll up next year. The new version of the browser – Chrome 64 – will be released on January 23, and it will include the first update. The upcoming version of the browser will no longer let third-party redirects to disturb browsing sessions.

Redirects to unknown and often suspicious websites are one of the biggest issues that Chrome desktop users have to deal with on a daily basis. According to the Google, about 20% of reports they receive are related to this problem. Thus, the program is working on the ways to offer the better and more secure version of the browser.

Google reveals that in March 2018, users can expect another update. The release of Chrome 65 will block-tab under behavior that is widely used for bypassing built-in Chrome’s pop-up blocker. Additionally, Google will ban new websites with misleading UI elements and add them to the “blacklist” called Abusive Experiences Report.

Blocking URL redirects makes a huge impact in the fight with malvertising

It would be hard to find an Internet user who hasn’t encounter an unexpected redirect. Of course, they are annoying and bothersome. However, these redirects might be a part of malvertising campaign. Therefore, criminals might trick users into visiting a harmful website.

In the blog post,[2] Ryan Schoen, Chrome product manager, note that the majority of redirects that bothers Chrome users are triggered by third-party content that is embedded in the website. Therefore, there’s no need to blame your favorite website’s owner. It’s not their fault.

Often these redirects are triggered by iframes – HTML components that are often used for adding third-party content to the website. However, webmasters do not use them. Unfortunately, they can still appear on the site with the help of ads.

Scammers and hackers can inject malicious JavaScript code and display infected ads on any website. This content might show up in any form and shape. Thus, a visitor can experience unexpected redirect anytime he or she browses through the site.

According to statistical data,[3] Google Chrome is the most popular web browser at the moment. It covered 54.57% of the market share worldwide in October 2017. The release of more secure Chrome 64 version might increase its popularity. However, security experts agree that blocking URL redirects will make an impact in the fight of malvertising too.

Chrome 65 will strengthen built-in pop-up blocker

Advertisers were not satisfied with Google’s idea to block intrusive pop-ups announced on June.[4] For this reason, advertisers found the way to cheat and walk around Google’s ad-blocker.[5] However, the situation won’t last long.

The Chrome 65, which is scheduled for release on March 6, will have a new feature that will block advertisers’ tricks. Currently, when a user clicks on a particular link, it opens a new tab. However, the old tab redirects to a third-party or commercial website.

Additionally, Chrome will block fake UI elements, such as video play buttons. If the button or other element tries to redirect user to a third-party site, this attempt will be blocked:

“<…> in Chrome 64 all redirects originating from third-party iframes will show an infobar instead of redirecting, unless the user had been interacting with that frame.”

Websites owners, who apply such unfair tactics, should be worried. Their sites might be included in the blacklist. Currently, “Abusive Experience Report” is added to Google Console account. Thus, you can check if your website is compatible and check the latest alerts there.

About the author

Lucia Danes
Lucia Danes - Security researcher

Lucia Danes is the news editor at UGetFix. She is always on the move because the eager for knowledge makes her travel around the globe and attend InfoSec events and conferences.

Contact Lucia Danes
About the company Esolutions

References