Google is planning to add a feature to Chrome that will prevent downloads initiated from the advertising slots on a website. This feature will block drive-by-downloads through ad frames which lack user activation.
“Blocking download in ad frames without user gesture will make the web less abusive and more secure,” said Google developers in a Chrome browser status page.
Google also published a design document which describes an “ad frame” as an “iframe marked as ad by the Chromium ad detection infrastructure AdTagging.” In other words, any iframe which Google deems as an ad.
This feature will not only prevent unwanted downloads but also improve the security of Chrome users by blocking drive-by-downloads which could be malicious as well.
It is to be noted that this security feature works only in situations where users don’t interact with the ad frames. In case a user clicks or swipes on an ad file, Chrome will allow the ad frame to initiate downloading.
It will be allowed so that ads can show “download” or “get it here” buttons. Also, whenever Chrome blocks an automatic file download, there won’t be any visible warnings on the browser.
Google will add this feature to all Chrome versions, except for iOS, because it isn’t based on the Chromium engine and it works on WebKit (Safari’s engine) instead.
Although Google didn’t put a date on the newly announced feature, it is expected to arrive this year.
Of lately, Google has been taking serious steps to tackle the problem of menacing drive-by-downloads.
And this is the second security feature announced by the company to stop downloads on the browser which takes place without the user’s knowledge.
Earlier this year, Google announced that Chrome would also block automatic file downloads through sandboxed iframes — an HTML iframe which is used for showing ads but can also be exploited for plant malware on users’ computers.