Chrome becomes immune to sneaky downloads

Get a free Techzine subscription!

Google introduces built-in protection for sneaky downloads for Chromium-based browsers. It lags behind Firefox, among others.

Chromium finally gets protection for drive by downloads. These are sneaky downloads that automatically start when users visit a website, without having to click on anything. Usually these are rogue files placed on the site by hackers. Google does not target automatic downloads that are legitimate, such as a url linked to a file, but specifically looks for abuse of iframe elements on websites.

The protection must be adequate to block most of the drive by attacks. Google does provide a way to bypass the blocking in order to provide automatic download functionality when needed. In this case, developers can implement allow-downloads-without-user-activation in the iframe-sandbox. Hackers who take full control of a website can use the same option to launch drive by downloads.

Late implementation

The protection is far from new. Firefox and even Internet Explorer have had similar functionality on board for years. Because Google builds the protection into the Chrome-opensource project, all Chrome-based browsers get the drive-by protection, not just Chrome itself. Only Chrome on iOS stays out, because that browser is necessarily based on Apples Webkit, which does not support the protection.

The protection is already available in the Canary version of Chrome itself and will roll out to the regular version of the browser in the near future. Other Chromium-browsers like Vivaldi, Opera (and soon Edge) will probably follow soon.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.