25 January 19, 07:36
Quote:Google is in the process of adding support for automatic blocking of drive-by downloads originating from website iframes, one of the techniques preferred by attackers to drop malware payloads on vulnerable machines, with or without user interaction.
Drive-by downloads are when the browser downloads a file without a user requesting it, and in some cases without them even realizing. This could be done by malvertising, in the background in iframes, or via malicious scripts planted on websites by attackers, without the need of user interaction.
The download blocking in iframes feature was initially proposed for implementation during 2013 within the Web Hypertext Application Technology Working Group (WHATWG) mailing list by Google's Mike West and revived in the form of an issue on WHATWG's GitHub's repository during late 2017.
It was eventually picked up by Chromium project's Yao Xiao who has published the feature's design and core principle considerations details in a public Google Docs document appropriately named "Preventing Drive-By-Downloads in Sandboxed Iframes."
Source: https://www.bleepingcomputer.com/news/se...rotection/
![[-]](https://www.geeks.fyi/images/collapse.png)
