Chrome 76: ESC-key use no longer seen as user action to block spam
From Chrome 76 on, Google won't allow sites access to certain APIs anymore based on a user's use of the ESC-key on such sites to fight abuse.
Most modern browsers prevent access to certain APIs open the websites based on user interactions with webpages. Access to certain APIs such as those that allow popups or screen changes, is blocked until the user interacts with the page in question.
Downloads are a basic example: they should be allowed if the user interacts with download links or buttons, but it is not a good idea to allow them if the user did not interact with the webpage in any form prior to the action.
Google introduced a new protective feature in Chrome recently that blocks automatic downloads in ad frames.
Another example is audio playback on sites. While you expect that to happen when you click on a video's play button, you may not expect sites to play audio without you interacting with that site first (and even then, you sometimes may not want sites to play audio, but that is another issue altogether).
Not every user interaction may indicate that it is okay to go ahead with certain activity on a webpage. A click or tap certainly falls into the user interaction category, but actions such as pressing the ESC-key on the computer keyboard, opening the Developer Tools, or hovering the mouse cursor over an element don't.
Google Chrome handles the ESC-key currently as active user interaction and that means that sites gain access to certain APIs.
The Esc-key may be used to stop the loading of a site and Google believes that this should not be counted as page interaction, however, and going forward, ESC won't be counted as such anymore.
The company published a demo page that highlights one of the issues that it identified. Hitting the ESC-key on the site opens a popup in Chrome, and that is certainly not something that the user would want to happen as a consequence of that action.
The release of Chrome 76 changes the ESC-key classification in the Chrome browser. Chrome 76 does not see ESC-key uses as page interactions anymore and Chrome will block actions that result out of its use.
Mozilla Firefox has a similar feature already in place that prevents page activity when the ESC-key is used by users of the browser.
Closing Words
Google moving the ESC-key from the user interaction side to the "does not count as user interaction" side is a good thing as it will prevent abuse by sites on the Internet.
Chrome 76 will be released in July 2019. (via ZDNET)
It opens new tab in opera browser instead of a pop-up…
I really like for Firefox and chrome the addon “Hello goodbye!” that is blocking annoying chat pop-ups for me.
This add-on block’s chat popups from Intercom, Messenger, ProductHunt, and Co for a cleaner browsing experience.
https://addons.mozilla.org/en-US/firefox/addon/hello-goodbye/
https://chrome.google.com/webstore/detail/hello-goodbye-chat-popup/nihpfpbibfgpgnfpbfedkdokihggapoi?hl=nl
The corporation plays Judge and Sheriff while all others have no say and collects everything it can get its greedy hands on… i do not forget that it collects and even understands the data, my data which i use in my private (haha) sphere… for example using a gmail account because someone decided to have mail there. Or the collection of ones adress book and thus all relations i have inkl. the data of those relations…. they do not know yet who i am, that is not yet verified but my telcom provider knows…
So it keeps others out, nasty ones for sure but is right in there among us… V. Putin once suggested to regulate the internet via the UN instead… at least it would be public.
Well right click should also not be seen as page interaction as it is the action afterwards, inside the context menu that is really the action. So many sites attack you with ads and popups upon a right click.
Agreed.
Sites also shouldn’t be able to prevent me from right-clicking either, by displaying a message saying “Right-clicking is forbidden on this page” or whatever.
@Anonee:
Fortunately, there are extensions for Firefox and its forks that will prevent sites from taking over the right click action. I assume that there are similar extensions available for Chrome, but I don’t know.