> links with the domain different than the open one should not be allowed to be added to History
This is already the case, and AFAIK it's always been this way.
From [the HTML standard for pushState][1]:
> Compare newURL to document's URL. If any component of these two URL records differ other than the path, query, and fragment components, then throw a "SecurityError" DOMException.
Fair point; popstate allows you to do pretty much anything when the history entry is for the current domain.
That's not really an issue for this particular attack though, which relies on the reverse scenario: the user remaining on the current domain when they expected to navigate back to the third party search engine.
This is already the case, and AFAIK it's always been this way.
From [the HTML standard for pushState][1]:
> Compare newURL to document's URL. If any component of these two URL records differ other than the path, query, and fragment components, then throw a "SecurityError" DOMException.
[1]: https://html.spec.whatwg.org/multipage/history.html#dom-hist...