Google reverses embarrassing website-breaking Chrome update

News
By published

Change designed to prevent spoofing led to broken websites and web apps

Man annoyed at laptop
(Image credit: Marjan Apostolovic / Shutterstock)

Google has made the decision to temporarily reverse the removal of browser alert windows and other prompts created by cross-origin iframes in Chrome after an update to its browser led to an uproar from developers as well as broken websites and web apps.

As reported by The Register, an iframe, which is short for Inline Frame, is a portion of a web page that is embedded in another web page. However, when an iframe contains resources form a different origin or domain, it is known as a cross-origin iframe.

The Chromium team has been planning since March of last year to limit the capabilities of cross-origin iframes due to the fact that they are a security liability. This is because they make it possible for an embedded resource such as an ad to show a prompt in Chrome as if came from the host domain.

In an Intent to Remove notice posted in a Google Group last year, a Google engineer explained how cross-origin iframes can lead to spoofs, saying:

“The current user experience is confusing, and has previously led to spoofs where sites pretend the message comes from Chrome or a different website. Removing support for cross origin iframes’ ability to trigger the UI will not only prevent this kind of spoofing, but will also unblock further efforts to make the dialog more recognizable as part of the website rather than the browser.”

A well-intentioned change

While Google's decision to remove browser alert windows and prompts from Chrome was well-intentioned, its implementation has caused headaches for many developers.

To prevent spoofing, the search giant has disabled JavaScript code in cross-origin iframes from calling the alert, prompt and confirm methods on the browser's window object that web developers frequently use to show dialog boxes. However, this change has broken many web apps and has left developers frustrated which is why Google decided to temporarily reverse it. Still though, the company plans to completely remove these prompt mechanisms from both same-origin contexts  and cross-origin ones in the future in an effort to prevent them from being abused.

With the release of Chrome 92.0.4515.107 earlier this month, window.alert, window.prompt and window.confirm were deprecated from cross-origin iframes. This change has led to problems in a number applications that use cross-origin iframes to show alerts, notifications and confirmation windows to their users.

To provide developers with more time to rewrite their apps and sites, Chrome has now disabled its deprecation until August 15.

Via The Register

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
Fingerprint
Profit over privacy? Google gives advertisers more personal info in major ‘fingerprinting’ U-turn
Home internet connection. A wlan router on desk with notebook in background.
Cloudflare admits security tool is blocking some challenger browsers
female graphic designer pointing with finger on laptop computer during collaboration with male colleague on common project in coffee shop
How sites are falsely blaming ad blockers for site breakdowns
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
Woman using a Windows computer with Microsoft Edge
Don’t panic – Microsoft’s Edge browser isn’t about to subject you to a flood of unblocked adverts (not yet, anyway)
Google Chrome
Google Chrome's Incognito mode is now more private in Windows 11 - and it's all thanks to Microsoft
Latest in Software & Services
TinEye website
I like this reverse image search service the most
A person in a wheelchair working at a computer.
Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
This people search finder covers all the bases, but it's not perfect
That's Them home page
Is That's Them worth it? My honest review
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
More about software services
A person in a wheelchair working at a computer.

Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other

This people search finder covers all the bases, but it's not perfect
AMD Ryzen 9950X

I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
See more latest
Most Popular
AMD Ryzen 9950X
I analyzed 25 AMD Zen 4 and Zen 5 CPUs and the Ryzen 9 9900X is the best of them all right now: Here’s why
Ugreen \00d7 Genshin Impact Kinich Collectible Gift Box and exclusive Genshin Impact merchandise.
Ugreen reveals exclusive Genshin Impact collection and they're some of the most eye-catching charging products I've ever used
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Google Gemini AI
Gemini can now see your screen and judge your tabs
iFi iDSD Valkyrie in gold, on a beige desk
iFi's iDSD Valkyrie DAC wants to guide your music to the great hall of Valhalla
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now