Level 52
Content Creator
Malware Hunter
Google is planning to add automated prevention of all downloads initiated from within ad frames which lack user activation, as part of an effort to boost the security of Chrome users by blocking possibly malicious drive-by-downloads.

As previously reported when Google was thinking of introducing this feature for downloads originating from website iframes, drive-by-downloads are a technique used by attackers to drop malware payloads on their victims' computers from compromised websites, with or without user interaction.

This time, Chromium project's Yao Xiao drafted up plans to prevent downloads in ad frames without user activation, and published the new feature's design and core principle considerations details within a public design document aptly titled "Preventing Drive-By-Downloads in Ad Frames."

Ad frames are iframes "marked as ad by the Chromium ad detection infrastructure AdTagging," Google's ad detection infrastructure which matches "resource requests against a filter list" and tags the frames that get a match as ads.

As detailed by Xiao, the automatic blocking of downloads originating from ad frames will be available on all six Blink platforms (i.e., Windows, Mac, Linux, Chrome OS, Android, and Android WebView), the only exception being iOS where Chrome uses iOS WebKit, Apple's mobile rendering engine and components.

Xiao also says in his feature design that "The only kinds of downloads that can occur without a user gesture are navigations and simulated clicks on links. Therefore, our intervention will block such downloads if they occur without a user gesture."