We plan to prevent downloads initiated from ad frames that lack a user gesture ('drive-by downloads'). Removal is expected in Chrome 76.

Motivation

Downloads don't make sense with ads. It happens very rarely in practice and is also difficult to reproduce, which implies that a very small amount of ads are doing automatic downloads. Blocking downloads in ad frames without user gestures will make the web more secure. Apart from security concerns, it would be a more pleasant user experience for a click to trigger a download on the same page, compared with downloads started automatically when landing at a new page, or started non-spontaneously after the click.

Documentation

• Design Doc:
• https://docs.google.com/document/d/1fBa8nwvb9g21KTji_kIDHzd7FjCb72pVf33MSb9jSWY

Status in Chromium

Blink components: UI>Browser>Downloads

In development (tracking bug)

Consensus & Standardization

• Firefox: No signal
• Edge: No signal
• Safari: No signal
• Web Developers: No signals

Owner

• yaoxia@chromium.org

Comments

Ads are identified by Chromium's AdTagging infrastructure: https://cs.chromium.org/chromium/src/docs/ad_tagging.md

Search tags

Last updated on 2021-01-13