Google Chrome to add drive-by-download protection

Google Chrome to add drive-by-download protection 1

Google engineers have started working on adding drive-by download protection in Chromium, the open-source browser engine that Chrome is based on.

The feature is already active in the current Chrome Canary edition and is scheduled to land in the stable version, in Chrome 73, scheduled for release in March or April.

For ZDNet’s non-technical users, “drive-by download” is a term used in the information security (infosec) industry to describe a download that happens without the user’s knowledge.

Not all drive-by downloads are considered malicious, as some URLs are meant to trigger a file download when accessed.

However, when a download is triggered on a web page from an iframe element hidden in its code, those types of downloads are almost always malicious in nature.

These usually happen when iframe elements showing ads contain malicious code that trigger the drive-by download, or when users access a hacked site where hackers left a hidden iframe to infect visiting users.

“We plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword, if present in the sandbox attribute list,” Google said in a public document containing its feature implementation plan that it released earlier this week.

Google intends to add drive-by download protection to all Chrome versions, except the one that ships for iOS, which isn’t based on the Chromium engine, but on WebKit (Safari’s engine), where this type of protection isn’t yet supported.

Browsers like Internet Explorer and Firefox have been blocking drive-by downloads for years, since at least 2015.

Because this is a pretty useful security feature, other browsers based on Chromium –such as Opera, Vivaldi, Brave, and soon Microsoft Edge– are also expected to deploy it as well.

In the long run, this feature is expected to thwart quite a few malvertising campaigns –criminal groups that hide malicious code inside ads to drop malware-laced files on users’ computers.

The feature isn’t expected to stop drive-by download attacks part of “watering hole attacks,” a term used to describe when hackers compromise a website and leave a hidden iframe behind to trigger the drive-by download. This is because hackers already have access to a compromised site’s source code, and they can just use the iframe attribute that Google engineers plan to add to instruct Chrome to disable the drive-by download protection when rendering those iframes.

Roughly 0.002117 percent of all pages loaded in Chrome trigger a drive-by download, according to Chrome statistics [1, 2].

More browser coverage:

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

What Are E-stablecoins And How Do They Operate?
What Are E-Stablecoins And How Do They Operate?
August 11, 2022
How to Choose a Legit Crypto Casino?
August 5, 2022
Spend Crypto
5 Ways to Spend Crypto
August 2, 2022
What Is A DAO LLC?
What Is A DAO LLC?
August 2, 2022
Can Running A Lightning Node Earn You Passive Income?
Can Running A Lightning Node Earn You Passive Income?
July 5, 2022


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin22,824 0.04 % 2.67 % 4.70 %
Ethereum1,819.9 0.04 % 1.62 % 3.27 %
Tether1.001 0.07 % 0.03 % 0.13 %
USD Coin1.000 0.44 % 0.25 % 0.18 %
BNB291.54 0.14 % 5.19 % 9.92 %
Binance USD1.001 0.09 % 0.07 % 0.10 %
XRP0.3619 0.41 % 3.97 % 5.02 %
Cardano0.4961 0.14 % 8.36 % 6.69 %
Solana42.12 0.56 % 2.22 % 3.81 %
Dogecoin0.07428 0.36 % 8.62 % 4.65 %

bitcoin
Bitcoin (BTC) $ 22,822.00
ethereum
Ethereum (ETH) $ 1,821.91
tether
Tether (USDT) $ 1.00
usd-coin
USD Coin (USDC) $ 0.999925
bnb
BNB (BNB) $ 291.94
binance-usd
Binance USD (BUSD) $ 1.00
xrp
XRP (XRP) $ 0.363964
cardano
Cardano (ADA) $ 0.496234
solana
Solana (SOL) $ 38.33
dogecoin
Dogecoin (DOGE) $ 0.074418