Google plans to end drive-by-downloads threat

Martin Brinkmann
Jan 25, 2019
Google Chrome

Google plans to integrate a new security feature in the company's Chrome browser soon that it hopes will protect Chrome users from drive-by-downloads.

The main characteristic of drive-by-downloads is that they happen without user interaction, and Google plans to block downloads that meet the company's definition of unintended downloads. Google plans to implement the functionality for Chrome on all supported operating systems except for Apple's iOS operating system.

Drive-by-downloads are used in numerous attacks, e.g. malvertising campaigns or pushing malicious payloads to a user's system.

Tip: You may want to set downloads to manual in Chrome and other browsers to avoid any issues. Chrome downloads files automatically (without asking for location), and that led to a situation on Windows systems in 2017 where .scf files were downloaded to machines (and processed by Windows when the user opened the download directory).

Downloads are initiated through a number of different methods; most, e.g. clicking on download links or right-clicking on download links and selecting save options, require user interaction.

According to the design document "Preventing Drive-By-Downloads in Sandboxed Iframes", downloads will fail in Chrome automatically if they meet the following conditions:

  1. The download is initiated without user interaction. Google notes that there are only two types of downloads that fall into the category.
  2. This happens in a sandboxed iframe.
  3. The frame does not have a transient user gesture at the moment of the click or navigation.

Google notes that about 0.002% of page loads are affected by the change. The company acknowledges that there are legitimate use cases for using the functionality and notes that the "percentage of breakage is small" and that legitimate publishers have an option to bypass the blocking.
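
An added example (not from the article or from Chromium): a small JavaScript audit that lists a page's iframes and reports, from the `sandbox` attribute alone, which frames would have a gesture-less download blocked under the conditions above. It assumes the HTML standard's `allow-downloads` sandbox token is the publisher opt-out, which the article mentions but does not name; the sample markup and hostnames are constructed.

```javascript
// Added example: classify each <iframe> by what its sandbox attribute implies
// for a download started without a user gesture.
// Assumption: "allow-downloads" (HTML standard sandbox token) is the opt-out.
const OPT_OUT_TOKEN = "allow-downloads";

// Matches an <iframe> start tag, tolerating ">" inside quoted attribute values.
const IFRAME_TAG = /<iframe\b(?:"[^"]*"|'[^']*'|[^'">])*>/gi;
// Matches name, name=value, name="value" or name='value'.
const ATTRIBUTE = /([^\s=\/>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/g;

function parseAttributes(tag) {
  const attrs = new Map();
  const body = tag.slice("<iframe".length, -1); // drop "<iframe" and ">"
  for (const m of body.matchAll(ATTRIBUTE)) {
    const name = m[1].toLowerCase(); // attribute names are case-insensitive
    // The first occurrence of a duplicated attribute wins, as in HTML parsing.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

function classifyFrame(tag) {
  const attrs = parseAttributes(tag);
  const src = attrs.get("src") ?? "(no src)";
  if (!attrs.has("sandbox")) {
    // Condition 2 of the list above is not met: the frame is not sandboxed.
    return { src, tokens: null, verdict: "not-sandboxed" };
  }
  // Sandbox tokens are space-separated and compared case-insensitively.
  const tokens = attrs.get("sandbox").toLowerCase().split(/\s+/).filter(Boolean);
  const verdict = tokens.includes(OPT_OUT_TOKEN)
    ? "opted-out-downloads-allowed"
    : "gestureless-download-blocked";
  return { src, tokens, verdict };
}

function auditIframes(html) {
  return (html.match(IFRAME_TAG) ?? []).map(classifyFrame);
}

// Constructed sample markup; hostnames are placeholders.
const SAMPLE_HTML = `
<iframe src="https://ads.example/slot1" sandbox="allow-scripts"></iframe>
<iframe src="https://files.example/w" SANDBOX="allow-scripts Allow-Downloads"></iframe>
<iframe src="https://partner.example/embed"></iframe>
<iframe sandbox src='https://ads.example/slot2'></iframe>`;

for (const f of auditIframes(SAMPLE_HTML)) console.log(f.verdict, f.src);
```

The audit reads markup only; sandboxing applied through a Content-Security-Policy `sandbox` directive or inherited from a parent frame is not visible to it.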

Google's implementation targets malvertising, advertising campaigns used to spread malicious downloads, first and foremost.

Interested users can check out the official bug on the Chromium website to follow development. It is interesting to note that the bug was published in 2015. It is unclear when the feature will become available but it seems likely that it will be introduced this year.

Now You: What is your take on the feature? (via Fossbytes)


Comments

  1. supergirl said on February 4, 2019 at 3:47 am
    Reply

    @LTL Thank you for the link.

    I wonder if everything he writes is SO clueless.

    Im just about Bill Gates age & he has been
    a dishonest money grubber since forever.

    Microsoft’s practices have bordered on illegal since its inception.

    Kari Finn’s idiotic un-awareness of this is ridiculous.

  2. LTL said on January 27, 2019 at 10:45 am
    Reply

    Although I am quite cautious about MS’s (or Crookle’s) telemetry myself, I read this very refreshing view on the matter by Kari Finn:
    https://win10.guru/windows-10-telemetry-and-groundless-paranoia/

  3. foromir said on January 27, 2019 at 9:18 am
    Reply

    Pff. That’s nothing compared to one-click-no-confirmation-youve-just-subscribed-to-a-paid-scamservice situation on the phones!
    https://www.theregister.co.uk/2015/08/11/direct_to_bill_mobile_payment_scam/

  4. 11r20 said on January 27, 2019 at 7:34 am
    Reply

    ((laughin))Mr Martin when I saw the title of this thread, I thought you were talkin about them little Googler clown cars that run around takin pictures n’ stealin data

  5. Chris said on January 26, 2019 at 8:40 pm
    Reply

    Martin, you wrote “Chrome downloads files automatically (without asking for location), and that led to a situation on Windows systems in 2017 where .scf files were downloaded to machines (and processed by Windows when the user opened the download directory).”

    Did something change during or after 2017 to fix this, or is it still an issue? If something changed, what was it?

  6. Chris said on January 26, 2019 at 8:31 pm
    Reply

    Does this issue affect Firefox in any way? Or is this specific to Google’s Chrome?

  7. ULBoom said on January 26, 2019 at 2:19 pm
    Reply

    “0.002% of page loads…” Riiiiiight.

    Borrowing from ilev, MS is by far the worse offender. Can’t remember when anything downloaded without user interaction beside those onerous, highly destructive Windows Updates.

  8. supergirl said on January 26, 2019 at 2:45 am
    Reply

    “Google”…….. “acknowledges that there are legitimate use cases for using the functionality ”

    WTF. ?!?!?!
    …..when & where is there a legitimate reason to be Sneaking something onto someones computer..?!?!?!?!?

    1. supergirl said on January 27, 2019 at 5:45 am
      Reply

      I definitely want to look into it.
      As Im such a noob I cant use the Ghacks.js file.
      I have No idea how. Im too incompetent to.LoL

      Those remaining on outdated OS’s and older-style browsers are only fooling themselves.
      @@@Windows 10 is by far the best operating system available today.@@@

      I replaced the HD so I can sell it with Windows later…..*shrug*
      probably a mistake….I’m fairly certain I could use this as is in 5-10 years….

      When Firefox warns me of a malicious site I go there just as a big F.U. to them…LoL

      But i’m using CloudFlare 1.1.1.1. I’m too incompetent to understand.

      1. supergirl said on January 28, 2019 at 2:08 am
        Reply

        Im by Nature lazy…I dont want to fiddle with my Computer.
        I want to turn it on & GO go go…
        So,if I praise a distro its easy & it worked great for me.
        I hope you enjoy your new found freedom & security.

        I value my privacy ALOT more than any passworded security.<<>>>>
        I use weak passwords because nothing I do on-line is risky for me.
        Or truly important.

        I dont use sync for my browsers…..
        If I want to pass info from comp to comp I email it, Or put it on a USB.
        I do on-line is risky for me. Or truly important.
        When i email my self my passwords from comp to comp. That’s HIGH security don’t you think?!?

        All faked passwords & logins.Let them THINK they got something.

        So all those high security tech “experts” are maybe just missing the point,no?

        I have a UEFI Win8 comp with a nasty UEFI virus….I blame Microsoft
        BIOS was pretty safe until They got involved.

        Maybe, Im too incompetent to.LoL

      2. supergirl said on January 27, 2019 at 11:08 am
        Reply

        Sorry about above comment that's something I posted a long time ago
        On a different topic.

        Dunno how it got here LoL

      3. ShintoPlasm said on January 27, 2019 at 9:53 am
        Reply

        I thought you were a Linux enthusiast?

    2. MarkG said on January 26, 2019 at 8:02 am
      Reply

      There isn’t. It’s marketing excuses for not having this nonsense fixed since day one. And this is not only about Chrome, I hope other browsers do the same.

  9. Henry Gomez said on January 25, 2019 at 7:16 pm
    Reply

    Big deal. Google is the drive-by!
    They really suck.
    But the sheep fall for them Bha, Bah.

    1. Bha, Bah said on January 26, 2019 at 3:48 am
      Reply

      My 2 cents. I know what Google is. But at the same time it’s the only one that gives me 15 GB for free. So I know exactly what I have signed for. Even MEGA has downgraded their cloud service to 15 GB, Amazon to 5 GB, Microsoft to 5 GB, Dropbox to 2 GB. Let me know about a service which gives so many free GB and has good upload and download speeds with no caps like MEGA and I will stop using Google. Until then I have no problem if they spy on me. Until then I like being a sheep, Bha, Bah.

      1. thebrowser said on January 27, 2019 at 12:32 am
        Reply

        @Bha, Bah

        Maybe you should check pCloud: they offer 10GB for free and up to 20GB through referrals. It works on web browser and all major OS.

        Regardless of what service provider you choose you should consider using Cryptomator to encrypt your files locally before uploading them to the cloud.

      2. Bha, Bah said on January 27, 2019 at 10:15 am
        Reply

        Thank you thebrowser for the suggestion. I have tried pCloud. pCloud recently changed the way it does business. Where once you got 10GB of free storage plus one gig for every friend you referred to the service, you now get 2GB straight out the gate and have to earn the other 8GB. It’s very difficult now to have multiple 10GB accounts. Initially only 2GB is free, the other 8GB needs to be unlocked. Whatever I try I always go back to Google like a sheep….

      3. thebrowser said on January 28, 2019 at 4:05 am
        Reply

        True that, I didn’t realize it worked that way although it doesn’t seem to be such a big deal, all you have to do is verify your email address, upload your first file, download their desktop client, download their app, turn on backups…

        These are all pretty normal and expected things to do, it will take you less than 5 minutes, and most of them can be deactivated/uninstalled later once you unlock the extra space. To be honest it took me longer to write this comment than to sign up for a dummy account. Not sure why you’d find it difficult to use at all.

        And if you do need several accounts because you have so much data you should probably get a paid account (regardless of the service provider). I mean, free stuff is nice and all, but you’d get much more space and plenty of benefits, and none of the inconveniences and space limitations (specially if you really do have so much data to backup and which you need to keep track of throughout multiple accounts).

        Anyway, my advice to use Cryptomator regardless of what you choose to do with your data still stands.

      4. Bha, Bah said on January 28, 2019 at 10:44 pm
        Reply

        Yes, I agree. I need around 300 GB, I have 10 Google accounts, I will try pCloud again, but it’s not that easy to do all these to 20 pCloud accounts, and it’s a nightmare to handle my files in 20 accounts. Yes, I encrypt my data with rclone in Google Drive. The good thing about pCloud is that it has a one time purchase option. I am not going to pay every month for 300 GB. But pCloud one purchase option is not a bad option. I will try pCloud again.

    2. Anonymous said on January 25, 2019 at 8:07 pm
      Reply

      Google is the drive-by, so true. On how many computers was Chrome installed by bundling with some other ethically-challenged software ?
      The paradox of current times is that software that markets itself as secure and protecting us from malware is often the worst threat itself when measuring it by damage done times number of installs.

  10. ilev said on January 25, 2019 at 5:35 pm
    Reply

    Wish they could block Microsoft’s automatic updates :-)

    1. Mola Ram, CEO Microsoft said on January 26, 2019 at 3:59 am
      Reply

      Look how much data Win 10 sends to Microsoft nearly continuously. Every time you use ANY Microsoft app or service you are being tracked. https://hackmag.com/security/what-data-windows-10-sends-to-microsoft-and-how-to-make-it-stop/
