Google to protect users from “drive-by” downloads in Chrome 73

Google to protect users from

Google to protect users from “drive-by” downloads in Chrome 73

With the release of Chrome version 73, Google plans to protect their users from so-called “drive-by downloads”, a term used for web pages that covertly download files to the user’s PC without their consent. 

Drive-by downloads are often malicious, commonly coming in the form of hidden iframes that activate without a click from the user. Such iframes are common on hacked websites, but Google plans to address this issue by preventing downloads from sandboxed iframes that lack user gestures. 

Chrome version 73 is due to release on March or April, with the feature coming to all version of Chrome except for its iOS variant, which doesn’t use the Chromium web engine. Google estimates that 0.002117% of all web pages loaded on Chrome contain drive-by downloads. While this is a tiny percentage, it is worth remembering how vast the internet is, and the sheer number of pages “drive-by” downloads are present on.     

Sadly, this protection is not expected to completely mitigate the problems posed by drive-by downloads, as Google plans to offer an iframe attribute that disables the browser’s security. This means that hackers that have compromised a website’s source code could use this attribute to disable Google’s download protection. Even so, Google’s planned feature will protect a lot of users from potential online attacks.  

Google to protect users from  
While it is worth noting that both Microsoft Edge and Mozilla Firefox has offered this kind of protection for years, this move is a clear security win for Chome, adding extra security to the browser without any major downsides. 

You can join the discussion on Google adding protections against “drive-by” downloads on the OC3D Forums.