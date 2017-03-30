

 


Google Plans To Alter JavaScript Popups After Abuse From Tech Support Scammers

Posted by msmash from the tidying-things-up dept.
An anonymous reader writes: Chromium engineers are discussing plans to change how JavaScript popups work inside Chrome and other similar browsers. In a proposal published on the Google Developers portal, the Chromium team acknowledged that JavaScript popups are consistently used to harm users.

To combat this threat, Google engineers say they plan to make JavaScript modals, like the alert(), confirm(), and dialog() methods, only work on a per-tab basis, and not per-window. This change means that popups won't block users from switching and closing the tab, putting an end to any overly-aggressive tactics on the part of the website's owner(s).

There is no timeline on Google's decision to move JavaScript popups to a per-tab model, but Chromium engineers have been debating this issue since July 2016 as part of Project OldSpice. A similar change was made to Safari 9.1, released this week. Apple's decision came after crooks used a bug in Safari to block users on malicious pages using popups. Crooks then tried to extort payment, posing as ransomware.

  • Oh well (Score:1, Informative)

    by Anonymous Coward

    Took you fucking long enough!

    • Amen.

  • It's taken... how many decades? (Score:3)

    by squiggleslash ( 241428 ) on Thursday March 30, 2017 @03:31PM (#54145769) Homepage Journal
    Seriously, this has been a problem since Netscape first implemented alert(). Why has it taken this long for someone to fix it?

  • I've found that I can right click on a tab to close it when it's been hijacked by models.

    • Re: (Score:1)

      by Stavr0 ( 35032 )

      I've found that I can right click on a tab to close it when it's been hijacked by models.

      Is that the one where one goes down on you while the other steals your wallet? Because I already heard that one.

  • How about more info on the dialog? (Score:3)

    by swb ( 14022 ) on Thursday March 30, 2017 @03:37PM (#54145817)

    Like the originating URL, submission URL or some general flag that says the pop up is generated by a site, and not the browser.

  • Making the alert, confirm and dialog modals tab based seems like a reasonable restriction while still allowing HTML5 apps which will probably use these modals for non-nefarious purposes. Anything more may be an inconvenience for HTML5 web app authors - but not a roadblock to scammers.

    I'm looking at it from the perspective of having done a Google extension which required these modals; while being available in the browser using Javascript, they're not available to extensions. As extensions go away and move

  • It's the most common type of call I get now. I support over 1,000 users at various companies around my city and most are using application whitelisting and don't know their own admin passwords, so it's pretty much impossible for them to execute a real virus, but these javascript tricks are scaring them left and right. I get a call almost every day over it. They are so upset they can't settle down long enough for me to tell them "restart windows". When they finally listen to me and restart windows, they

  • As far as I'm concerned browser devs are a bunch of cunts for allowing this shit in the first place and they all should be kicked square in the ass with razor studded boots for not fixing it sooner.

