One concern I'd like to raise regarding the new <permission>, <geolocation>, <install>, etc. elements is the potential increase in phishing risk.
Over time, users may develop trust in these new in-content, browser-provided controls, especially if they are presented with consistent labeling and behavior across sites.
However, because these elements are rendered within the page content, nothing fundamentally prevents a malicious site from creating custom buttons that closely mimic the appearance of the browser-provided ones.
While such a button would not be able to trigger the same browser functionality, it could still exploit the user's learned trust in order to drive phishing flows.
This is definitely not a new type of attack, fake logins, OS dialogs, or payment flows already exist, but I believe the new controls could amplify the risk by lowering users’ vigilance.
I’m wondering whether this has been considered in the design, and whether there are mitigation strategies that could help reduce the risk of confusion.
One concern I'd like to raise regarding the new
<permission>,<geolocation>,<install>, etc. elements is the potential increase in phishing risk.Over time, users may develop trust in these new in-content, browser-provided controls, especially if they are presented with consistent labeling and behavior across sites.
However, because these elements are rendered within the page content, nothing fundamentally prevents a malicious site from creating custom buttons that closely mimic the appearance of the browser-provided ones.
While such a button would not be able to trigger the same browser functionality, it could still exploit the user's learned trust in order to drive phishing flows.
This is definitely not a new type of attack, fake logins, OS dialogs, or payment flows already exist, but I believe the new controls could amplify the risk by lowering users’ vigilance.
I’m wondering whether this has been considered in the design, and whether there are mitigation strategies that could help reduce the risk of confusion.