loader gif

Google Chrome to block Drive-by-Downloads in ad frames without user interaction

Google Chrome to block Drive-by-Downloads in ad frames without user interaction
  • Google is planning to block unwanted ‘Drive-by-Downloads’ that are initiated from within ad frames without any user gesture.
  • This feature will be supported in all six blink platforms - Windows, Mac, Linux, Chrome OS, Android, and Android WebView, except iOS.

Google is planning to block unwanted ‘Drive-by-Downloads’ that are initiated from within ad frames without any user gesture.

What are ad frames - “An ad frame is an iframe marked as ad by the Chromium ad detection infrastructure AdTagging,” Yao Xiao described in a public design document.

Why it matters - Google is working on this feature to prevent unwanted downloads in order to make the web very secure and less abusive.

“Download doesn't make much sense with ads. It happens very rarely in practice and is also difficult to reproduce, which implies that a very small amount of ads are doing automatic downloads,” Google said in a Google Chrome platform status.

Worth noting

This feature will be supported in all six blink platforms - Windows, Mac, Linux, Chrome OS, Android, and Android WebView, except iOS, as iOS is based on WebKit.

The bottom line - This feature will prevent only downloads that occur without a user gesture or user activation, however, downloads will be allowed if users interact with ad frames ie, if users click or swipe on an ad.

“This is a security win since downloads are a vector to vulnerabilities in lots of cases. And this doesn’t introduce new security vulnerabilities, as we simply block the code path to download in some conditions,” Xiao said.

loader gif