This type of attack is called “drive-by download” and has been used by cybercriminals for many years. With their help, malware is downloaded at the moment when the user visits a site on the pages of which a special code is placed. Malicious code placed on such sites initiates an automatic download or asks for permission, and if confirmed, malware is delivered to the victim’s PC. Depending on which browser function the attackers are using, these types of attacks can be different from each other.

The developers of popular browsers such as Chrome and Firefox have integrated various automatic file download protection tools into their products over the years. However, it turned out to be not so easy to provide complete protection, since developers cannot block legitimate web functions, and also because attackers regularly identify new vulnerabilities and use them in their attacks.  

The next step in this direction was blocking downloads, initiated by “isolated frames” (iframes), which are often used to load ads and widgets on different sites. Blocking loading from iframes first appeared in Chrome 73, which was released in March 2019. In May of this year, Google released Chrome 83, from which this feature was completely removed.