Since we last caught up with a set of Google Chrome developers, a bit more was done on the hijacking of web browser history. Back in December of 2018, Google developers were working on making certain that 3rd-party sources weren’t able to jump in to your browser history, read, and utilize your data. Since then, the team worked on the issue for both Android and desktop environments – and they’ve done work on destroying annoying re-directing popups, too.
The issue originally had to do with websites digging their meaty little claws into your temporary browser history, then kicking you “back” to a webpage you’d most certainly not just come from. This is not a new method of moving a user into a webpage – it’s been in play for a while. It’s just about the most evil way to rack up hits, too, as it’s nearly undetectable due to its simplicity.
The back button, ladies and gentlemen, will no longer be used as a weapon of evil! Or at least that’s what we hope, with the latest updates to Chrome.
On January 24th, an entry on the Chromium gerrit suggested that developers added a UKM for history manipulation intervention. When active, this system adds a UKM log when an entry is marked as skippable. This was tested with gtest-filter SkipOnBack and was reviewed, then submitted on January 24th – so might well be part of the Chrome build in play right this minute.
At one point – back on December 21st, a solution is suggested by a developer which included “Not sure if this TODO would be worth the code complexity and performance cost (possibly not much), if we implement the scenario where all skippable tabs lead to back button disabled (on desktop) and closing the tab and going to last tab (on mobile).” Fast forward to January 17th and this solution seem to be put into place:
On January 17th, 2019, Chrome developers created an entry which allowed history entries to be skippable when the conditions were right. In Android this simply means a tab will be closed and a previous tab will be shown, just like if you’d pressed the “back” button on a first entry of a tab. On desktop this leads to the back button being disabled.
Right along these same lines is a latest entry in the gerrit that has to do with the closing of windows. The fix seems to be ignoring navigation in pending deletion frame – those frames you exit when you’re at a malicious or otherwise heavily ad-covered webpage. Those pending deleted frames will no longer spew their ugly commands at related windows – because how dare they do such a thing in the first place!
This latest update, the ignoring of the frames, was updated just this morning. As such, we can expect it to pop up in the latest developer-aimed Canary build on Windows and Android. Everyone else will need to wait!