Karlston Posted January 25, 2019 Share Posted January 25, 2019 Google plans to integrate a new security feature in the company's Chrome browser soon that it hopes will protect Chrome users from drive-by-downloads. The main characteristic of drive-by-downloads is that they happen without user interaction, and Google plans to block downloads that met the companies definition of unintended downloads. Google plans to implement the functionality for Chrome on all supported operating systems except for Apple's iOS operating system. Drive-by-downloads are used in numerous attacks, e.g. malvertising campaigns or pushing malicious payloads to a user's system. Tip: You may want to set downloads to manual in Chrome and other browsers to avoid any issues. Chrome downloads files automatically (without asking for location), and that led to a situation on Windows systems in 2017 where .scf files were downloaded to machines (and processed by Windows when the user opened the download directory). Downloads are initiated through a number of different methods; most, e.g. clicking on download links or right-clicking on download links and selecting save options, require user interaction. According to the design document "Preventing Drive-By-Downloads in Sandboxed Iframes" -- access it here -- downloads will fail in Chrome automatically if they meet the following conditions: The download is initiated without user interaction. Google notes that there are only two types of downloads that fall into the category. This happens in a sandboxed iframe. The frame does not have a transient user gesture at the moment of the click or navigation Google notes that about 0.002% of page loads are affected by the change. The company acknowledges that there are legitimate use cases for using the functionality and notes that the "percentage of breakage is small" and that legitimate publishers have an option to bypass the blocking. Google's implementation targets malvertising, advertising campaigns used to spread malicious downloads, first and foremost. Interested users can check out the official bug on the Chromium website to follow development. It is interesting to note that the bug was published in 2015. It is unclear when the feature will become available but it seems likely that it will be introduced this year. Source: Google plans to end drive-by-downloads threat (gHacks - Martin Brinkmann) Link to comment Share on other sites More sharing options...
The AchieVer Posted January 28, 2019 Share Posted January 28, 2019 Google Chrome to Get Drive-by Download Protection Engineers at Google are working on drive-by download protection for Chromium. Googles Chrome browser is based on the open-source engine Chromium. The feature is already on Chrome Canary edition, while a stable version will be on Chrome 73 when released in March or April. Drive-by Download A drive-by download is a term used for a download that occurs when the user isn’t aware. Some downloads are designed that way, such as URLs that trigger a download when accessed. Other files, however, such as those containing an iframe element, are often malicious. Many iframe elements that contain ads trigger malicious code to trigger a download. This malware allows hackers to access the computer. Hackers also leave iframes on hacked sites to infect unsuspecting visitors. According to Chrome statistics, around 0.002117 percent of pages loaded in Chrome, trigger a drive-by download. Updated Chrome Versions Google plans to include drive-by download protection in all Chrome versions. Apple’s iOS version won’t be getting the update, however, as it isn’t based on Chromium. The iOS version is based on WebKit (Safari) which doesn’t yet support this protection. Other Browser Adoption Internet Explorer and Firefox have been blocking drive-by downloads since at least 2015. However, other Chromium-based browsers are also expected to adopt this security feature. These browsers include Opera, Vivaldi, Brave and Microsoft Edge. Adding this feature is expected to help reduce the number of attacks from malvertising campaigns. These campaigns hide malicious code inside ads to place infected malware files on user’s computers. Ineffective for Compromised Websites Chrome’s addition of drive-by download protection, won’t stop all iframe attacks. When hackers leave a hidden iframe in an existing website, users can still trigger the drive-by download without realising. Because hackers will already have access to the code, they can instruct the iframe attribute in Google’s new feature to disable the protection. Source Link to comment Share on other sites More sharing options...
Reefa Posted January 28, 2019 Share Posted January 28, 2019 Threads merged... Link to comment Share on other sites More sharing options...
3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.