Chrome blocks drive-by-downloads to prevent accidental downloads

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Chrome browser
Try Opera One, a browser with various functionalities already built-in! A flawless browser like Opera has most functions already under the hood.Here's what's included by default:
  • Easy and intuitive workspace management
  • Ad-blocker mode integrated to load pages faster
  • WhatsApp and Facebook Messenger
  • Customizable Ul and AI-friendly
  • Get Opera One

After browsers like Firefox and Internet Explorer blocked drive-by-downloads, Chrome 73 is going to do the same.

Google Chrome is a gigantic browsing platform that offers unlimited browsing worldwide. Since it operates millions of users across the globe, Google takes every step necessary to ensure secure browsing with maximum productivity.

Google already introduced other safe features such as Safe Browsing, Sandboxing and site isolation. The company took this safety strategy one step further and introduced a new Chrome security update that will block down drive-by-downloads for safe browsing.

Drive-by-downloads are unintended downloads. In other words, the downloads that occur without the consent of the user. These downloads, mostly those originating from iFrames, contain malicious code which can threaten the personal information of the user.

In a public document, Google imparts to block only those drive-by-downloads that originate from iFrames and lack user gesture. According to the officials, “We plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword if present in the sandbox attribute list.”

The new security update puts an end to those drive-by-downloads which satisfy the following conditions:

  • The download is triggered via or navigations.
  • Those are the only types of download that could happen without user gesture.
  • The click or the navigation occurs in a sandboxed iframe unless the tokens contain the “allow-downloads-without-user-activation” keyword.
  • The frame does not have a transient user gesture at the moment of click or navigation.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

The document issues by Google also communicates that the security update will fail the drive-by-downloads without making any notable change. However, developers will receive a console-error.

For the non-technical visitors of WindowsReport, iFrame is an HTML element that is used to embed another webpage inside one webpage. These iFrames are hidden within the layout of the webpage and can install malware without your authorization.

This new update would be available on all platforms by March or April excluding iOS. This is because this kind of security is not supported on WebKit(iOS is based on WebKit engine).


More about the topics: Cybersecurity