Google developers plan to add a Chrome feature that will prevent website ad slots from triggering automatic file downloads in user browsers."We plan to prevent downloads from ad frames that lack a user gesture to prevent unwanted drive-by-downloads, "Google developers said in a browser status page released today.
"Downloading with ads doesn't make much sense. It happens very rarely in practice and is also hard to reproduce, which means that a very small number of ads do automatic downloads," said Google. "Blocking downloads without user gesture in ad frames will make the web less abusive and safer."
An "ad frame" is "an iframe marked as an ad by the AdTagging Chromium ad detection infrastructure," according to a design document that Google also published today. This basically means any iframe that Google believes to be an ad.
Today's news marks Google's second security feature announced this year as part of its efforts to block "drive-by-downloads," a term used in the information security (infosec) industry to describe a download that occurs without user knowledge.
Back in January, Google announced that Chrome would also block automatic downloads (drive-by-downloads) of files initiated from sandboxed iframes-a type of HTML iframes also used to display ads, but also to exploit malware kits on computers for users.
That first feature is scheduled for late spring release in Google Chrome 74. Google hasn't said when it's planning to start blocking automatic downloads from ad slots, but this year's feature is expected.
This security feature is valid only if users do not interact with the ad frames. If users click or swipe an ad, file downloads will be allowed. This will allow ads to show the type of buttons "download" or "get it here."
If Chrome blocks downloading an automatic file, no visible warnings will be displayed by the browser. The browser maker estimates that once implemented, the performance impact of this feature is negligible. Google intends to add this feature to all versions of Chrome, with the exception of the one shipping for iOS that is not based on the Chromium engine, but on WebKit (Safari's engine).
No comments:
Post a Comment
Write Your Problem in the Below Comment Box