Google Chrome Implements Protection Against Drive-By Download Attacks

Google is working on adding a new feature to its Chrome browser that will automatically block drive-by download attacks. These attacks are carried out by cybercriminals using iframes embedded in the code of compromised websites. The goal, according to Google’s developers, is to protect users from the automatic download of malicious software onto vulnerable computers.

In a typical drive-by download attack, no user interaction is required for the malware to be downloaded. Attackers often hack legitimate websites that people visit regularly, inserting hidden iframe windows into the site’s code. As a result, a malicious file can be downloaded to a user’s computer in the background, without any prompts or warnings from the browser.

Google’s planned solution is relatively straightforward: by default, Chrome will block all background downloads. The only indication that a drive-by download attack was attempted will be an error notification in the developer console.

This new feature will also help prevent the download of malicious advertisements, further enhancing user security.