Now on Demand Ransomware Resilience & Recovery Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Endpoint Security

Chrome 86 Starts Blocking Abusive Notification Permission Requests

Google has stepped up its effort against websites that have a history of sending abusive notification content, by blocking notification permission requests in Chrome 86.

Google has stepped up its effort against websites that have a history of sending abusive notification content, by blocking notification permission requests in Chrome 86.

This is the latest step Google has taken in this direction, after the introduction of the quiet notification permission UI in Chrome 80 and the automatic enrollment in the quiet notification UI for websites that display abusive notification permission requests starting with Chrome 84.

Such websites, the Internet search giant explains, includes sites that send messages containing links to malware, or which display spoofed system administrative messages.

“When abusive notification content is detected on an origin, Chrome will automatically display the permission requests using a quieter UI,” Google reveals.

Starting with Chrome 86, the enforcement targets notification content and applies to all sites that are known to be sending messages with abusive content.

“This treatment applies to sites that try to trick users into accepting the notification permission for malicious purposes, for example sites that use web notifications to send malware or to mimic system messages to obtain user login credentials,” Google explains.

The UI displayed to the user is the one introduced in Chrome 84.

With this change, Google says, Chrome aims to aid users who have long complained of abusive notification prompts, as well as to deliver an improved user experience, while reducing the likelihood that sites would misuse the web notifications feature.

Advertisement. Scroll to continue reading.

“Google’s automated web crawling service will occasionally subscribe to website push notifications if the push permission is requested. Notifications that are sent to the automated Chrome instances, using Safe Browsing technology, will be evaluated for abusive content, and sites sending abusive notifications will be flagged for enforcement if the issue is unresolved,” Google explains.

The Internet giant also explains that, for sites that do not comply with notification abuse policies, Search Console notifies registered site owners and users at least 30 calendar days before starting to enforce the quieter notifications user interface, so that site owners can address the issue.

Site owners can review the Abusive Notifications Report in Search Console. The Search Console also includes a guide on how the abusive notifications can be fixed, and also allows admins to request another review of their websites.

In the future, Chrome will revert the notification permission status to default for those sites where users might have unintentionally allowed abusive notifications. Users, however, can re-enable those notifications.

Related: Google Takes Action Against Misleading and Malicious Notifications in Chrome

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Related: Chrome Update Patches Actively Exploited FreeType Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

MSSP Dataprise has appointed Nima Khamooshi as Vice President of Cybersecurity.

Backup and recovery firm Keepit has hired Kim Larsen as CISO.

Professional services company Slalom has appointed Christopher Burger as its first CISO.

More People On The Move

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.