Browser Push Notifications – A Security Concern | SNM Consulting
By Aruneesh Salhotra / May 19, 2023
Browser-based push notification adoption is on the rise, and mostly for the right reasons. However, like everything else, it comes with potential risks. Push notifications should be allowed only with caution, as the chance of receiving malicious notifications is high.

Let’s talk through what the Online Security browser extension does, how Chrome push notifications work, and why you need Online Security’s new features to defend against any issues that Chrome push notifications may present.
What are Web Push Notifications?
Web push notifications are small message alerts that are displayed on a visitor’s desktop when they have their web browser open. Websites use web push to connect with users after they’ve left their website to drive greater user engagement and conversions as well as to improve the digital user experience. Compared to more traditional communication channels such as email, web push is easier for visitors to enable and much harder for them to overlook.
Web Push Notifications are messages that are sent by a website or by a web app to your device, making these notifications significantly visible and also easy to respond to.
Chrome push notifications are messages used to communicate with you, even though you may not be on the particular website that is looking to engage with you. Sites sometimes request permission for Chrome push notifications. If the user approves the permissions, the sites can pop the notifications whenever they want, including outside of the browser.
Elements of a Web Push Notification
Web push notifications often include a title, body content, a notification URL, a banner image, a browser icon, the web domain, and action buttons. These messages appear differently across operating systems and browsers. Although these notifications are small in size and content, brands put thought into their notification strategy to convey the right message, visuals, and calls-to-action (CTAs) at the right moment in time.
Understanding the Permission Process
Before websites can send web push, site visitors must opt-in to receive communication via this channel. Gaining user permission is a delicate art. Some companies will default to using a browser’s native permission prompt, which appears as soon as a visitor arrives on site. Others customize the prompt content and delay the permission request to give users more context and site experience to increase the likelihood of an opt-in.
What are the High-Level Benefits?
High Visibility
High Opt-in Rate
Versatility
Real-time Communication
Unique Audience
Low Opt-Out Rate
Security and privacy risks involved in accepting Push Notifications?
- Ads and 3rd-Parties: Websites sometimes sell these capabilities to ad networks and 3rd parties to display ads.
- Hackers: Threat actors can use these capabilities to spread fake or deceptive messages, flood the user’s device with spam, and trick people into installing malicious apps.
- Embedded Malware: The purpose of malware hidden in push notifications is either to deliver a flood of more ads (malvertising) to your browsing activities or to help hackers break into your accounts and steal money, data, or identity.
- General annoyance: Aside from anything else, having to click so many times to close the pop-ups before you can read what you are actually trying to see online can be very frustrating!
- Bandwidth pressure: When the number of push notifications becomes truly aggressive, they can use up all the bandwidth on your device.
How to Review Push Notifications in Browsers (and Remove Them)
Don’t worry, removing push notifications (when they are legit) is very easy. Here is how. (For malicious push notifications, things can be more complicated, and I’ll discuss it in more detail below).
For Google Chrome, just go to Settings/content/notifications, or copy and paste this address directly into the browser’s address bar: chrome://settings/content/notifications?search=notifications
This will reveal the list of websites you have allowed to send you push notifications, as well as the list of websites you have blocked push notifications from. If you see one you don’t remember approving, or one you wish to take permission back from, just click the vertical dots for that domain and select ‘Remove’.
A more comprehensive guide to removing the push notifications is available here
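To review the same allow and block lists across many machines, or during an investigation, the added example below (not part of the original article) reads them from a copy of a Chrome profile's Preferences file and sorts the allowed sites by most recent grant. It assumes Chrome's on-disk layout, where profile.content_settings.exceptions.notifications holds one entry per site with setting 1 = allow and 2 = block and last_modified in microseconds since 1601-01-01 UTC; the sample data and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Chrome content-setting values (assumed on-disk encoding): 1 = allow, 2 = block.
ALLOW, BLOCK = 1, 2
CHROME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample of the relevant part of a Chrome profile "Preferences" file.
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {"notifications": {
        "https://news.example.com:443,*": {"last_modified": "13327000000000000", "setting": 1},
        "https://free-prizes.example.net:443,*": {"last_modified": "13328500000000000", "setting": 1},
        "https://ads.example.org:443,*": {"last_modified": "13320000000000000", "setting": 2},
        "https://broken.example.com:443,*": {"setting": 1},
    }}}}
})

def chrome_time(value):
    """Convert microseconds since 1601-01-01 UTC to a datetime, or None if unusable."""
    try:
        return CHROME_EPOCH + timedelta(microseconds=int(value))
    except (TypeError, ValueError, OverflowError):
        return None

def notification_permissions(preferences_text):
    """Return (allowed, blocked) lists of (origin, granted_at) tuples."""
    prefs = json.loads(preferences_text)
    entries = (prefs.get("profile", {}).get("content_settings", {})
                    .get("exceptions", {}).get("notifications", {}))
    allowed, blocked = [], []
    for pattern, data in entries.items():
        origin = pattern.split(",", 1)[0]  # drop the ",*" secondary pattern
        when = chrome_time(data.get("last_modified"))
        if data.get("setting") == ALLOW:
            allowed.append((origin, when))
        elif data.get("setting") == BLOCK:
            blocked.append((origin, when))
    # Most recent grants first; entries without a timestamp sort last.
    allowed.sort(key=lambda e: e[1] or CHROME_EPOCH, reverse=True)
    return allowed, blocked

if __name__ == "__main__":
    allowed, blocked = notification_permissions(SAMPLE_PREFERENCES)
    for origin, when in allowed:
        print("ALLOW", origin, when.isoformat() if when else "unknown time")
    print(len(blocked), "origin(s) blocked")
```

Run it against a copy of the Preferences file rather than the live one, since Chrome rewrites that file while it is running.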
Browser push notifications: a feature asking to be abused
Signs that push notifications are malicious
- Ads appear even in places where they shouldn’t (like your desktop, even when the browser is closed)
- The browser home page changes without your permission
- The websites you used to visit without issues are now not displaying properly, or you get redirected to another address.
- You get pop-ups that are advertising fake software or updates, or warnings that you are infected, followed by prompts to install a specific clean-up tool (DON’T!)
- You see apps and programs installed on your device (with shortcuts and everything) that you don’t remember installing.