Google has released Chrome 65 for Android, Linux, Mac, and Windows, bringing security enhancements and 45 fixes for security flaws.
As Google announced late last year, its aim is to roll out changes in Chrome to prevent nasty ads from bumping users to a page they never intended to go to -- potentially leading them to a malware site or page filled with ads.
Google flagged the changes soon after Android Police founder complained that redirect ads were still occurring on his site after moving exclusively to Google AdSense and Google Ad Exchange.
However, Chrome developers were as early as August last year working a so-called 'infobar' to notify users when the browser blocked redirects.
Google targeted the Chrome 64 release for blocking redirects from third-party iframes, so that if that occurs it would display an infobar explaining why a redirect was blocked unless the user has clicked on that iframe.
Chrome 65 addresses the 'tab-under' problem where clicking on a link opens the desired content in a new tab, while the opening tab navigates to a page the user never intended to visit.
To stop this, Chrome 65 detects this behavior, displays an infobar, and prevents the redirect on the main tab from occurring.
The restrictions on abusive experiences round out a long-running effort by Chrome developers to stop this behavior.
Google announced the restrictions alongside the launch of its Abusive Experiences Report for site owners who can see if abusive experiences have been seen on their site. Chrome may prevent new windows and tabs opening on sites that don't remove abusive experiences after 30 days.
Chrome 65 restricts "framebusting ability by requiring a relevant user gesture unless it is same-origin to the parent" because it was being abused by ads, according to the Chrome milestone hotlist.
"Summary Content in an <iframe> can generally navigate the top-level browsing context unless explicitly forbidden by the sandbox attribute (sometimes called 'framebusting'). Restrict this ability to content that is processing a user gesture, unless it is same-origin to the parent. Motivation Framebusting was originally used by content that wanted to prevent being placed in an <iframe> but it's being abused."
Chrome 64's milestone page says it introduces 'block tab-under navigations'. "A tab-under is when a page both opens a popup to some destination (usually where the user wants to go) AND navigates the opener page to some third party content (usually an advertisement). Chrome will block these navigations and show native UI to the user so they can follow the redirect just in case."