All modern web browsers support so-called push notifications. Websites may request permission to send notifications. When users accept, they may push notifications to the user’s system. Ideally, these are useful to the user. Maybe about a new post on the site, an auction running out, or about item availability in online stores.
Most of the time, at least from my experience, notifications are not that helpful for users. Sites may push lots of notifications to user systems. Abuse is rampant. Notifications may get abused for advertisement, scams, or malicious attacks.
While notifications contain no executable content, clicking on notifications may launch sites and thus attacks.
You can check out this recent story on Bleeping Computer for an example of attacks. The attack originated on Google Search and used notifications to push spam and malware.
One of the best options to deal with notifications is to disable them. This works well for users who never use them in the first place. Those who do use notifications on specific sites may also optimize their configuration.
The following paragraphs explain how that is done. Note that this applies to other Chromium-based browsers as well. All offer these options, and you may load the URL provided below to open the Settings.
Blocking Notifications in Chrome permanently
It takes just a few steps to block notifications in Google Chrome.
- Load chrome://settings/content/notifications in the Chrome address bar. You may also open Menu > Settings > Privacy & Security > Site settings > Notifications manually.
- Set the default behavior to “Don’t allow sites to send notifications”.
You are done. Chrome won’t send any notifications from this moment up. There is one exception, and this is handy to allow specific sites to send notifications while disallowing them from any other site.
Scroll down to the customized behaviors section. There you find overrides. Use the “allowed to send notifications” section to allow specific sites to send notifications to your system.
Activate the “add” button and type the domain name using the following format: [*.]domain.com.
This allows the domain to send notifications, even though the general setting is set to disabled.
Tip: you can also allow sites in the following way:
- Open the site in the Chrome browser.
- Click on the icon that is in front of the domain name in Chrome.
- Select Site Settings from the menu.
- Locate the Notifications preference and set it to “allow”.
Closing Words
My recommendation is to turn off Notifications and use the allow list for select sites only. This blocks all notification spam and any attempt to use notifications for malicious attacks. It also prevents less tech savvy users from accepting notifications on a regular basis in the browser.