Google Plans To Alter JavaScript Popups After Abuse From Tech Support Scammers (bleepingcomputer.com) 46
An anonymous reader writes: Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users.
To combat this threat, Google engineers say they plan to make JavaScript modals, like the alert(), confirm(), and dialog() methods, only work on a per-tab basis, and not per-window. This change means that popups won't block users from switching and closing the tab, putting an end to any overly-aggresive tactics on the part of the website's owner(s).
There is no timeline on Google's decision to move JavaScript popups to a per-tab model, but Chromium engineers have been debating this issue since July 2016 as part of Project OldSpice. A similar change was made to Safari 9.1, released this week. Apple's decision came after crooks used a bug in Safari to block users on malicious pages using popups. Crooks then tried to extort payment, posing as ransomware.
Maybe there should be some highly visible difference between sites that use Javascript and those that do not? Like the tab changing color -- just to throw up a silly idea.
If Javascript could only affect that one tab that it runs in, then what harm could Javascript do?
I would like to have scroll bars that are consistent some websites hide the scroll bar or make it so small it's hard to hit reliably with a mouse.
Sure it might make the site look a bit better but everyone doesn't have a touchscreen and it sure makes the site a pita to use without working scrollbars.
They did that already it's just not a very popular option
chrome://settings/content tick "Do not allow any site to run JavaScript" click done.
The posted article is not "slashdot complaining about javascript." If it were then your statement would make more sense.
It's taken... how many decades? (Score:3)
But Firefox fixed this years ago. All of the alerts are bound to the tab and not the window.
Firefox fixed this in early 2011. It's Chrome that's lagging behind in this case.
Not sure when but in Safari Javascript popups come un in the tab, that you can switch away from.
Why not then employ stronger tactics against them... like a broadside [jollyrogertelephone.com]?
Just this week I had such a redirect & popup (thanks to a compromised WordPress site I was visiting), noted the # and set it along with a screenshot. A couple of hours later the phone # was no longer picking up as clearly they realized they weren't going to get any more legit calls in through it.
Maybe it's different on Linux (Score:2)
I've found that i can right click on a tab to close it when it's been hijacked by models.
I've found that i can right click on a tab to close it when it's been hijacked by models.
Is that the one where one goes down on you while the other steals your wallet? Because I already heard that one.
I've found that i can right click on a tab to close it when it's been hijacked by models.
Is that the one where one goes down on you while the other steals your wallet? Because I already heard that one.
That happened this morning. It felt good until it was really bad.
Isn't that the point of modal dialogs/windows?
Like the originating URL, submission URL or some general flag that says the pop up is generated by a site, and not the browser.
Making the alert, confirm and dialog models tab based seems like a reasonable restriction while still allowing HTML5 apps which will probably use these models for not nefarious purposes. Anything more may be an inconvenience for HTML5 web app authors - but not a roadblock to scammers.
I'm looking at it from the perspective of having done a Google extension which required these models; while being available in the browser using Javascript, they're not available to extensions. As extensions go away and move
As far as I'm concerned browser devs are a bunch of cunts for allowing this shit in the first place and they all should be kicked square in the ass with razor studded boots for not fixing it sooner.