A new feature coming to Google Chrome will automatically block drive-by downloads and could improve user security. Drive-by downloads originate from website iframes and happen when a browser downloads a file without the user requesting it. It is a notorious technique that bad actors use to load malware payloads onto target machines without requiring any input from users.
Drive-by downloads are widely used in malvertising: attackers hide malicious scripts in the iframes of websites, and the download starts when a user loads the website. The term also covers situations involving user interaction, where people accidentally click on deceptive ads or fake system error messages displayed on websites, triggering automatic downloads.
Chromium’s Yao Xiao posted the major details of the feature in a public Google Doc titled “Preventing Drive-By-Downloads in Sandboxed Iframes.”
The doc says, “Content providers should be able to restrict whether drive-by-downloads can be initiated for content in iframes. Thus, we plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword, if present in the sandbox attribute list.”
As Xiao describes it, the feature will automatically block downloads caused by “navigations and simulated clicks on links” that do not require any user interaction.
His document says that Chrome will block drive-by downloads which meet all of the following conditions:
- The download is triggered via or navigations. Those are the only types of download that could happen without user gesture.
- The click or the navigation occurs in a sandboxed iframe, unless the tokens contain the “allow-downloads-without-user-activation” keyword.
- The frame does not have a transient user gesture at the moment of click or navigation.
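
The three conditions above can be modelled as a small audit of the iframes a page embeds. This is an added example, not code from Chrome or from Xiao's document; the function names, the trigger labels `link-click` and `navigation`, and the sample markup are assumptions made for illustration.

```javascript
// Added example: models the three blocking conditions listed above.
// sandboxTokens, wouldBlockDownload and auditIframes are hypothetical names.
const OPT_OUT = 'allow-downloads-without-user-activation';

// Returns null when the tag has no sandbox attribute, otherwise the
// lower-cased token list (empty for a bare `sandbox` or sandbox="").
// A regex scan is enough for this demo; use a real HTML parser in production.
function sandboxTokens(iframeTag) {
  const re = /\ssandbox(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]*)))?(?=[\s/>])/i;
  const m = re.exec(iframeTag);
  if (!m) return null;
  const value = m[1] ?? m[2] ?? m[3] ?? '';
  return value.toLowerCase().split(/\s+/).filter(Boolean);
}

// True only when all three conditions from the list hold at once.
function wouldBlockDownload({ trigger, tokens, hasTransientUserGesture }) {
  const gesturelessCapable = trigger === 'link-click' || trigger === 'navigation';
  const sandboxedNoOptOut = tokens !== null && !tokens.includes(OPT_OUT);
  return gesturelessCapable && sandboxedNoOptOut && !hasTransientUserGesture;
}

// Classify every <iframe> in an HTML string for a navigation-triggered
// download that arrives with no user gesture.
function auditIframes(html) {
  return (html.match(/<iframe\b[^>]*>/gi) || []).map((tag) => {
    const tokens = sandboxTokens(tag);
    const blocked = wouldBlockDownload({
      trigger: 'navigation', tokens, hasTransientUserGesture: false,
    });
    const status = tokens === null ? 'unsandboxed' : blocked ? 'blocked' : 'opted-out';
    return { tag, tokens, status };
  });
}

// Constructed sample page (not from the original article).
const SAMPLE_HTML = `
<iframe src="https://ads.example/slot1" sandbox="allow-scripts"></iframe>
<iframe src="https://ads.example/slot2" sandbox="allow-scripts Allow-Downloads-Without-User-Activation"></iframe>
<iframe src="https://ads.example/slot3"></iframe>
<iframe sandbox src="https://ads.example/slot4"></iframe>`;

for (const r of auditIframes(SAMPLE_HTML)) console.log(r.status.padEnd(12), r.tag);
```

Frames reported as `unsandboxed` or `opted-out` fall outside the restriction as the document describes it, so those are the embeds a site owner would review first.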
Once added, the feature would protect users from malvertising campaigns that use advertisements to spread malicious downloads.