Google is in the process of adding drive-by-download protection to all the versions of Chrome. It will be adding the feature in Chromium, the open-source browser on which Chrome is based.
The feature is already active in the current Chrome Canary edition. However, a more stable version will be available on Chrome 73, scheduled for release in March or April.
What is a drive-by-download attack?
A drive-by-download attack is triggered when a malicious URL is downloaded onto a victim’s system without his knowledge. This can be done via malvertisment or via malicious scripts planted on websites by attackers.
Many iframe elements showing ads contain malicious code that triggers the drive-by-download. According to Chrome statistics, around 0.002117 percent of pages loaded in Chrome have been used to perform drive-by download attacks.
Adding the security feature
According to Google’s latest document, the company plans to block download in iframes feature, which in turn will prevent the drive-by download attack. The protection will be available in all Chrome versions. However, the update will not be implemented in Apple’s iOS version - as it supports WebKit (Safari).
"We plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an 'allow-downloads-without-user-activation' keyword, if present in the sandbox attribute list," Google said in its document.
Browsers like Internet Explorer and Firefox have already added this feature since at least 2015.
In the long run, the security feature is expected to reduce the number of attacks due to malvertising campaigns. These campaigns are used to infect victims’ systems by hiding malicious code inside ads.