Google’s Chrome browser will get a protection feature to block dangerous drive-by downloads. This should prevent the distribution of malware via this channel.
Cyber criminals use drive-by downloads to trick victims into downloading malware when they visit websites. When security vulnerabilities are exploited, the victim may not even need to interact (e.g. click on a link).
A drive-by download occurs when the browser downloads a file without the user requesting it. As mentioned earlier, the user does not even notice this download. It can happen in the background, in iframes or through malicious scripts that attackers place on websites in order to deliver malware files without user interaction when the web page is visited.
In 2013, Mike West of Google proposed a feature to block downloads in iframes on the Web Hypertext Application Technology Working Group (WHATWG) mailing list; the proposal was revived at the end of 2017 in the WHATWG GitHub repository.
Bleeping Computer reports that the approach was finally taken up by Yao Xiao from the Chromium project. Xiao has published the details of the design and core principle of the feature in a public Google Docs document called "Preventing Drive-By-Downloads in Sandboxed Iframes".
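As an added example (not code from the article or from the Chromium project), the following defender-side audit lists every iframe in a page and reports whether its `sandbox` attribute would let the frame start downloads. It assumes the `allow-downloads` sandbox token from the current HTML Standard, which the article does not mention; the sample markup and hostnames are constructed.

```python
from html.parser import HTMLParser

# Constructed sample page (not from the article): four embeds with different policies.
SAMPLE_HTML = """
<iframe src="https://ads.example/banner"></iframe>
<iframe src="https://widgets.example/chat" sandbox="allow-scripts"></iframe>
<iframe src="https://files.example/viewer" sandbox="allow-scripts Allow-Downloads"></iframe>
<IFRAME SRC="https://cdn.example/x" SANDBOX></IFRAME>
"""

class IframeAudit(HTMLParser):
    """Collect (src, verdict) for every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        first = {}
        for name, value in attrs:
            first.setdefault(name, value)  # browsers keep the first duplicate attribute
        src = first.get("src") or "(no src)"
        if "sandbox" not in first:
            # No sandbox at all: the sandbox download restriction never applies.
            verdict = "unsandboxed"
        else:
            # A bare `sandbox` has value None; tokens are case-insensitive.
            tokens = (first["sandbox"] or "").lower().split()
            if "allow-downloads" in tokens:  # assumed token, see lead-in
                verdict = "downloads-allowed"
            else:
                verdict = "downloads-blocked"
        self.findings.append((src, verdict))

def audit(html):
    """Return a list of (src, verdict) tuples for every iframe in `html`."""
    parser = IframeAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for src, verdict in audit(SAMPLE_HTML):
        print(f"{verdict:18} {src}")
```

Frames reported as `unsandboxed` or `downloads-allowed` are the ones to review when embedding third-party content.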