Ever visit a website and start reading… only to suddenly watch the page unexpectedly change to another site? Google wants to keep that from happening.
The company has announced that when Chrome 64 is released it’ll automatically prevent scripts running in third-party iframes from redirecting you to another site without your permission.
Google charitably assumes that scripts running in those third-party iframes are doing something the web publisher didn’t expect either… so this won’t protect you from a site that’s designed to automatically send you to a different page. But if a third-party service running on a site attempts to do so, you’ll see a “redirect blocked” message instead.
If you were interacting with the iframe at the time the redirect occurred, Chrome will assume that everything’s working as expected and allow the change to take place.
If you don’t want to wait for Chrome 64, it turns out there’s a way to enable the feature in Chrome 62 or later by toggling a flag, as described by Android Police.
This is one of several security changes coming to Chrome. Another is that starting with Chrome 65, the browser will prevent this from happening:
- You click a link on a website.
- The link opens in a new browser tab.
- The page you were on is redirected, so now you have two pages open: the one you had expected to open and one that you had not.
In January Google also plans to update it pop up blocker to prevent certain types of ads and other content from opening new tabs or windows.