Google rolls back Chromium update with iframes that destroy websites

Google rolled back an update to Chrome after it broke websites. The company is trying to phase out certain types of iframes for sending notifications from the browser, but developers are complaining that websites no longer work properly as a result.

This is a proposal that the developers of Chromium have been working on since March last year . Google wants to remove support for cross origin iframes in popups. The company does this for safety reasons; Chrome currently allows iframes to trigger JavaScript dialogs, in the form of popups. In a cross-origin iframe, which links to a different domain than where the pop-up appears, users see a different text than when it comes from the original domain.

“The current user experience is confusing and has led to spoofs in the past,” the developers wrote in an issue tracker last year. Thus, by being able to link to other domains in pop-ups, it is possible to spoof users or spread malware in other ways, because the user is more likely to accept such pop-ups.

Since then, Google has blocked the loading of JavaScript into cross-origin iframes, among other things. Ultimately, it is intended that window.alert, window.promptand window.confirmdisappear from pop-ups in the browser. That first happened in Chrome version 92.0.4515.107. That version came out two weeks ago. Since then, many developers complain that this removal causes problems with their websites.

In an issue tracker , several developers complain that it causes bugs on their sites. Among other things, the use of third-party services in pop-ups no longer works, and other websites say that their content can no longer be loaded via an external CDN.

Google has therefore now reversed the decision. That will happen at least until August 15, so that developers have longer to update their software. Microsoft also hears the criticism. The company rolled back the feature in Edge 92.0.902.62 .