Google Chrome Adding Malicious Drive-By-Downloads Protection

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/google-chrome-adding-malicious-drive-by-downloads-protection/

Google is in the process of adding support for automatic blocking of drive-by downloads originating from website iframes, one of the techniques preferred by attackers to drop malware payloads on vulnerable machines, with or without user interaction.

Drive-by downloads are when the browser downloads a file without a user requesting it, and in some cases without them even realizing. This could be done by malvertising, in the background in iframes, or via malicious scripts planted on websites by attackers, without the need of user interaction.

The download blocking in iframes feature was initially proposed for implementation during 2013 within the Web Hypertext Application Technology Working Group (WHATWG) mailing list by Google's Mike West and revived in the form of an issue on WHATWG's GitHub's repository during late 2017.

It was eventually picked up by Chromium project's Yao Xiao who has published the feature's design and core principle considerations details in a public Google Docs document appropriately named "Preventing Drive-By-Downloads in Sandboxed Iframes."

 

[shmu26]

Driveby downloads won't hurt you unless you go and open the file yourself, after it finishes downloading. It does not cause automatic infection.

 

[dash]

This is great! Anything that makes the average Joe safer is a good thing.

 

[Brie]

3 years from now, firefox will do the same.

firefox, the trailing edge of technology.

 

[oldschool]

More reason for them not to care about the likes of uBO, etc. with the V3 project! Advanced user medium mode in uBO and Nano already prevent this. But, it's not for everyone.