Google Chrome will soon block redirects to malicious websites

Google adds new layer of security to Chrome: no more redirects to dangerous sites

The upcoming Chrome security features will play an important role in the fight against malvertising. The technology company Google announced on the blog^[1] about three new features that will be added to the browser next year.

The first security update should be released at the end of January 2018 and will block URL redirects via iframes. Later on, Chrome will block tab-under behaviors and misleading UI elements that might also trigger redirects to infected websites.

Google Chrome already has a built-in pop-up blocker^[2]. However, it’s not enough to give proper security to the users. Cyber threats like Chrome redirect virus^[3] and Chrome adware^[4] continue causing browsing-related problems and put users’ computers and privacy at risk.

Chrome v.64 will block iframe redirects

The release of new version of Google Chrome will include the first major security update – URL redirection triggered by iframe. Currently, it’s one of the ways how malicious ads are injected into the websites.

Iframes are HTML components that might be used for adding content from third-party sources, for instance, ads. However, the majority of website owners do not include them into their sites, but they still might end up on the website via advertisements.

Cybercriminals take advantage of this feature and inject JavaScript code in order to display malicious ads or redirect to potentially dangerous websites. This trickery might be used by scammers to redirect users to fake tech support scam sites that might deliver ”Google Chrome Fatal Error!” pop-up or make people fall for other hoaxes.

If a website will trigger a malicious redirect, the browser prevents it and inform about blocked activity on the toolbar. Undoubtedly, this new feature will become a challenge for criminals. Even though, malvertising has been reported growing; this new Chrome feature is expected to stop distribution of the malware-laden ads.

Two more security updates are coming in 2018

Apart from iframe URL redirects, Google will also introduce two more features next year. The company is working on new features that will block tab-under behavior and misleading UI elements that might trigger redirects.

The second update is expected at the beginning of March with the release of Chrome 65. It will solve the problem with tab-under behavior which allows bypassing browser’s built-in pop-up blocker. Currently, some websites can play around this feature by opening a link that users want to click on in a new tab. Meanwhile, the previous tab will redirect to a promotional domain.

Another security issue is related to misleading UI elements, such as play button. The majority of users may have dealt with a redirect problem once they clicked the play button to watch the desired video.^[5] Instead of starting the video, the button opened a new browser’s window or tab.

To fight with these problems, Google announces the third major security feature – Abusive Experiences Report. It’s a blacklist of shady websites that include misleading components to force visitors entering promotional or potentially dangerous sites.

Abusive Experiences Report is already included in Google Console account. Thus, website owners will start receiving alerts about misleading UI elements soon.