Heads up for those of you obliging Forbes' forced resistance against adblocking:
There's (edit: what appears to be) an active exploit in their ad network, one that's getting around Chrome's redirect blocking through an apparent 0day.
Chrome's protection only works in cross-origin iframes [1] and has been in beta for years. I haven't checked in a while but can't find a source that confirms that it went live.
Forbes serves a large portion of their ads in same origin iframes and so is not fully covered by this protection.
How did we paint ourselves into this corner where the only way for our websites to exist is to run a different person's arbitrary code on our visitor's devices every time they open a page?
There's (edit: what appears to be) an active exploit in their ad network, one that's getting around Chrome's redirect blocking through an apparent 0day.
https://imgur.com/a/sRIB7pn
I'm on Chrome Beta 69.0.3497.53 on Android, so this may not apply outside that.
Chrome team: https://bugs.chromium.org/p/chromium/issues/detail?id=879938