Chrome blocks drive-by-downloads to prevent accidental downloads

Madalina Dinita
by Madalina Dinita
Former Managing Editor
Affiliate Disclosure
Share this article:

Chrome browser
To fix various PC problems, we recommend DriverFix: This software will keep your drivers up and running, thus keeping you safe from common computer errors and hardware failure. Check all your drivers now in 3 easy steps:
  1. Download DriverFix (verified download file).
  2. Click Start Scan to find all problematic drivers.
  3. Click Update Drivers to get new versions and avoid system malfunctionings.
  • DriverFix has been downloaded by 0 readers this month.

After browsers like Firefox and Internet Explorer blocked drive-by-downloads, Chrome 73 is going to do the same.

Google Chrome is a gigantic browsing platform that offers unlimited browsing worldwide. Since it operates millions of users across the globe, Google takes every step necessary to ensure secure browsing with maximum productivity.

Google already introduced other safe features such as Safe Browsing, Sandboxing and site isolation. The company took this safety strategy one step further and introduced a new Chrome security update that will block down drive-by-downloads for safe browsing.

Drive-by-downloads are unintended downloads. In other words, the downloads that occur without the consent of the user. These downloads, mostly those originating from iFrames, contain malicious code which can threaten the personal information of the user.

In a public document, Google imparts to block only those drive-by-downloads that originate from iFrames and lack user gesture. According to the officials, “We plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword if present in the sandbox attribute list.”

The new security update puts an end to those drive-by-downloads which satisfy the following conditions:

  • The download is triggered via or navigations.
  • Those are the only types of download that could happen without user gesture.
  • The click or the navigation occurs in a sandboxed iframe unless the tokens contain the “allow-downloads-without-user-activation” keyword.
  • The frame does not have a transient user gesture at the moment of click or navigation.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

The document issues by Google also communicates that the security update will fail the drive-by-downloads without making any notable change. However, developers will receive a console-error.

For the non-technical visitors of WindowsReport, iFrame is an HTML element that is used to embed another webpage inside one webpage. These iFrames are hidden within the layout of the webpage and can install malware without your authorization.

This new update would be available on all platforms by March or April excluding iOS. This is because this kind of security is not supported on WebKit(iOS is based on WebKit engine).