However there is also the danger of these websites running malicious JavaScripts where it would automatically force a download on the user, also known as “drive-by-downloads”. However this is something that Google is hoping to prevent as well because in a report from Bleeping Computer, Google is building protection against such practices in upcoming versions of Chrome.
This was actually detailed by Chromium’s Yao Xiao in a public Google Docs document where it was written, “Content providers should be able to restrict whether drive-by-downloads can be initiated for content in iframes. Thus, we plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword, if present in the sandbox attribute list.”
This sounds like it would be an immensely useful tool at protecting users who might not otherwise be aware that such dangers exist. There is no word on when the feature is expected to be released, but we’ll keep an eye out for it.
Image source – Maxpixel.net