Security Experts:

Chrome 86 Starts Blocking Abusive Notification Permission Requests

Google has stepped up its effort against websites that have a history of sending abusive notification content, by blocking notification permission requests in Chrome 86.

This is the latest step Google has taken in this direction, after the introduction of the quiet notification permission UI in Chrome 80 and the automatic enrollment in the quiet notification UI for websites that display abusive notification permission requests starting with Chrome 84.

Such websites, the Internet search giant explains, includes sites that send messages containing links to malware, or which display spoofed system administrative messages.

“When abusive notification content is detected on an origin, Chrome will automatically display the permission requests using a quieter UI,” Google reveals.

Starting with Chrome 86, the enforcement targets notification content and applies to all sites that are known to be sending messages with abusive content.

“This treatment applies to sites that try to trick users into accepting the notification permission for malicious purposes, for example sites that use web notifications to send malware or to mimic system messages to obtain user login credentials,” Google explains.

The UI displayed to the user is the one introduced in Chrome 84.

With this change, Google says, Chrome aims to aid users who have long complained of abusive notification prompts, as well as to deliver an improved user experience, while reducing the likelihood that sites would misuse the web notifications feature.

“Google’s automated web crawling service will occasionally subscribe to website push notifications if the push permission is requested. Notifications that are sent to the automated Chrome instances, using Safe Browsing technology, will be evaluated for abusive content, and sites sending abusive notifications will be flagged for enforcement if the issue is unresolved,” Google explains.

The Internet giant also explains that, for sites that do not comply with notification abuse policies, Search Console notifies registered site owners and users at least 30 calendar days before starting to enforce the quieter notifications user interface, so that site owners can address the issue.

Site owners can review the Abusive Notifications Report in Search Console. The Search Console also includes a guide on how the abusive notifications can be fixed, and also allows admins to request another review of their websites.

In the future, Chrome will revert the notification permission status to default for those sites where users might have unintentionally allowed abusive notifications. Users, however, can re-enable those notifications.

Related: Google Takes Action Against Misleading and Malicious Notifications in Chrome

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Related: Chrome Update Patches Actively Exploited FreeType Vulnerability

view counter