Google Proposes Changes To JavaScript To Combat Malicious Popups

Google is planning on engineering JavaScript modals to work on a per-tab basis, rather than the per-window approach used today to make it easier for users to close potentially malicious popups. Fraser Kyne, EMEA CTO at Bromium commented below.

Fraser Kyne, EMEA CTO at Bromium

fraser-kyne“We are seeing increasingly sophisticated methods of scare-tactics being used to trick users into activating malware. Pop-ups like those that Google is seeking to address are often designed to do just that, with clever features such as buttons that look like they will close the pop-up actually being a part of it; redirecting the user to a malware download and giving the attacker everything they want.

“Google has clearly acknowledged that this is a problem, and its actions are certainly a step in the right direction. However, this solution is far from fool proof, and some users will always be panicked into clicking malicious pop-ups. Ideally, there should be a safety net beneath them. For example, micro-virtualisation can ensure that every web page and tab is launched in its own, fully isolated environment. As a result, any malicious pop-ups and the malware they link to are trapped within that virtual machine, posing no risk to the rest of the system. If they find themselves clicking in the wrong place, the user can simply close the page down and the problem goes away.”

Information Security Buzz