Chrome blocks drive-by-downloads to prevent accidental downloads

by Madalina Dinita
Madalina Dinita
Madalina Dinita
Windows & Software Expert
Madalina has been a Windows fan ever since she got her hands on her first Windows XP computer. She is interested in all things technology, especially emerging technologies... read more
Affiliate Disclosure
Chrome browser
Instead of fixing issues with Chrome, you can try a better browser: OperaYou deserve a better browser ! 350 million people use Opera daily, a fully-fledged navigation experience that comes with various built-in packages, enhanced resource consumption and great design. Here's what Opera can do:

  • Easy migration: use the Opera assistant to transfer exiting data, such as bookmarks, passwords, etc.
  • Optimize resource usage: your RAM memory is used more efficiently than Chrome does
  • Enhanced privacy: free and unlimited VPN integrated
  • No ads: built-in Ad Blocker speeds up loading of pages and protects against data-mining
  • Download Opera

After browsers like Firefox and Internet Explorer blocked drive-by-downloads, Chrome 73 is going to do the same.

Google Chrome is a gigantic browsing platform that offers unlimited browsing worldwide. Since it operates millions of users across the globe, Google takes every step necessary to ensure secure browsing with maximum productivity.

Google already introduced other safe features such as Safe Browsing, Sandboxing and site isolation. The company took this safety strategy one step further and introduced a new Chrome security update that will block down drive-by-downloads for safe browsing.

Drive-by-downloads are unintended downloads. In other words, the downloads that occur without the consent of the user. These downloads, mostly those originating from iFrames, contain malicious code which can threaten the personal information of the user.

In a public document, Google imparts to block only those drive-by-downloads that originate from iFrames and lack user gesture. According to the officials, “We plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword if present in the sandbox attribute list.”

The new security update puts an end to those drive-by-downloads which satisfy the following conditions:

  • The download is triggered via or navigations.
  • Those are the only types of download that could happen without user gesture.
  • The click or the navigation occurs in a sandboxed iframe unless the tokens contain the “allow-downloads-without-user-activation” keyword.
  • The frame does not have a transient user gesture at the moment of click or navigation.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

The document issues by Google also communicates that the security update will fail the drive-by-downloads without making any notable change. However, developers will receive a console-error.

For the non-technical visitors of WindowsReport, iFrame is an HTML element that is used to embed another webpage inside one webpage. These iFrames are hidden within the layout of the webpage and can install malware without your authorization.

This new update would be available on all platforms by March or April excluding iOS. This is because this kind of security is not supported on WebKit(iOS is based on WebKit engine).


Still having issues? Fix them with this tool:


If the advices above haven't solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on to easily address them. After installation, simply click the Start Scan button and then press on Repair All.

This article covers:Topics: