Google rolls back Chromium update with iframes that breaks websites

Google rolled back an update for Chrome after it broke websites. The company is trying to phase out a certain kind of iframes for sending notifications from the browser, but developers complain that websites no longer work properly.

It is a proposal that has already been since March last year being worked on by the developers of Chromium. Google wants to remove support for cross origin iframes in popups. The company does this for security reasons; Chrome currently allows iframes to trigger JavaScript dialogs, in the form of popups. In a cross origin iframe, which links to a different domain than the popup appears on, users see a different text than when it comes from the original domain.

“The current user experience is confusing and has led to spoofs in the past,” the developers wrote in an issue tracker last year. By being able to link to other domains in pop-ups, it is therefore possible to spoof users or distribute malware in other ways, because the user accepts such pop-ups more quickly.

Since then, Google has blocked loading JavaScript in cross-origin iframes, among other things. Ultimately, window.alert, window.prompt, and window.confirm are intended to disappear from pop-ups in the browser altogether. This first happened in Chrome version 92.0.4515.107. That version came out two weeks ago. Since then, many developers have been complaining that the removal is causing problems with their websites.

In an issue tracker several developers complain that it bugs their sites. Among other things, the use of third-party services in pop-ups no longer works, and other websites say that their content can no longer be loaded via an external CDN.

Google has now reversed the decision. That will happen at least until August 15, so that developers have longer to update their software. Microsoft also hears the criticism. The company has Edge 92.0.902.62 the function reversed.