Chrome blocks drive-by-downloads to prevent accidental downloads

Irfa Batool avatar. By: Irfa Batool
2 minute read
Chrome browser

Home » News » Chrome blocks drive-by-downloads to prevent accidental downloads

After browsers like Firefox and Internet Explorer blocked drive-by-downloads, Chrome 73 is going to do the same.

Google Chrome is a gigantic browsing platform that offers unlimited browsing worldwide. Since it operates millions of users across the globe, Google takes every step necessary to ensure secure browsing with maximum productivity.

Google already introduced other safe features such as Safe Browsing, Sandboxing and site isolation. The company took this safety strategy one step further and introduced a new Chrome security update that will block down drive-by-downloads for safe browsing.

Drive-by-downloads are unintended downloads. In other words, the downloads that occur without the consent of the user. These downloads, mostly those originating from iFrames, contain malicious code which can threaten the personal information of the user.

In a public document, Google imparts to block only those drive-by-downloads that originate from iFrames and lack user gesture. According to the officials, “We plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword if present in the sandbox attribute list.”

The new security update puts an end to those drive-by-downloads which satisfy the following conditions:

  • The download is triggered via or navigations.
  • Those are the only types of download that could happen without user gesture.
  • The click or the navigation occurs in a sandboxed iframe unless the tokens contain the “allow-downloads-without-user-activation” keyword.
  • The frame does not have a transient user gesture at the moment of click or navigation.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


The document issues by Google also communicates that the security update will fail the drive-by-downloads without making any notable change. However, developers will receive a console-error.

For the non-technical visitors of WindowsReport, iFrame is an HTML element that is used to embed another webpage inside one webpage. These iFrames are hidden within the layout of the webpage and can install malware without your authorization.

This new update would be available on all platforms by March or April excluding iOS. This is because this kind of security is not supported on WebKit(iOS is based on WebKit engine).

RELATED GUIDES YOU NEED TO CHECK OUT:

Discussions

Next up

Top 4 software to recover lost email account passwords

Tashreef Shareef avatar. By: Tashreef Shareef
Less than a 1 minute read

Whether you use web-based email services or desktop email clients to manage your account, emails are used for business and personal communication by almost everyone. […]

Continue Reading

Here is what to do when Google Docs won’t print

John Waibochi avatar. By: John Waibochi
6 minute read

While Google Docs remains a super powerful real-time document authoring and collaboration software, it on occasion has issues. For instance, the complain that Google docs won’t […]

Continue Reading

How to fix “Acrobat failed to connect to a DDE server” errors

Matthew Adams By: Matthew Adams
3 minute read

The Adobe Acrobat PDF (Portable Document Format) software throws out an “Acrobat failed to connect to a DDE server” error message for some users. That […]

Continue Reading