Chrome 86 will block notification permission requests for sites that send abusive notification content
Google started rolling out Chrome 86 on the stable channel earlier this month. The update introduced security improvements to alert users if any of their saved passwords had been compromised, new menu icons to help users easily navigate large menus, a Native File System API, Enhanced Safe Browsing for Android, and several developer-facing technical changes. According to a recent post on the Chromium blog, Chrome 86 also includes changes to the notification permission requests to prevent websites from sending abusive notification content.
For the unaware, Google introduced the quiet Notification permission UI in Chrome 80. With the Chrome 84 update, the company released auto-enrolment in quiet notification UI for websites that used deceptive patterns to request notification access. Now, with Chrome 86, the company has started blocking notification permission requests for websites that push abusive notification content.
The updated UI now actively discourages users from granting notification access to websites that use web notifications to send malware or mimic system messages to obtain user credentials. To effectively detect websites that indulge in such behavior, Google’s automated web crawling service will occasionally subscribe to website push notifications if the push notification permission is requested. Notifications that are sent to the automated Chrome instances will be evaluated for abusive content, and sites sending abusive notifications will be flagged for enforcement if the issue is unresolved.
In case the crawler identifies a website for any type of notification abuse, Search Console will alert the registered site owners and users in the site’s Search Console at least 30 days before the new UI is enforced. During this period, offending websites can address the issue and request another review. In an attempt to further reduce notification permission abuse in Chrome, Google is now working on a feature that will automatically revert notification access for offending websites. The feature will be released in a future update.