ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Saturday Nov 25th 2017
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Event

Submit an event for consideration on ETHNews

Submit Event

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Events
Contact Us

Google Devs Considering Chrome Permission To Block 'Malvertising' Attempts

By

Adam

Reese

WriterETHNews.com

A Google developer has proposed changes to the Chrome browser that could hinder or even prevent malvertising attacks.

In an October 19 post on a bug tracking forum, Google software engineer Ojan Vafai proposed a modification to the company’s Chrome browser that would inhibit and potentially prevent “malvertising,” the practice by which code on a webpage hijacks visitors’ browsers for cryptocurrency mining.

The thread on which Vafai commented began with a September 18 post about unauthorized mining that was being executed by code from the software firm Coin Hive, which had debuted its flagship mining product four days earlier. Subsequent comments make reference to the emergence of knock-off businesses offering a service similar to Coin Hive’s.

Vafai’s recommendation to combat the issue is as follows:

“If a site is using more than XX% CPU for more than YY seconds, then we put the page into ‘battery saver mode’ where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.

I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds.

I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions (e.g. no requestUseLotsOfCPU method). It only triggers when the page is doing a likely bad thing.”

In other words, this solution would equip chrome to recognize suspicious activity and take action to significantly impact the amount of processing power that mining software could appropriate by subjecting the culprit page to a setting that limits CPU usage. Chrome would simultaneously offer users the option to exit this power-saving state. Should they choose to exercise it, the browser would refuse to perform all tasks requested by the page, including mining. 

There has been no indication yet of whether Google intends to implement any protections against malvertising, much less if an eventual plan would resemble Vafai’s prescriptions, but one fellow Google employee on the thread expressed enthusiasm for the proposal. 

ETHNews has previously reported on malvertising schemes, including one in late September 2017 that used Coin Hive’s code to conscript the browsers of visitors to certain Showtime websites into mining the cryptocurrency Monero. About a week earlier, one or more administrators of the file downloading site The Pirate Bay introduced the code on their own website.

Earlier this year, a malvertising scheme affecting computers mostly located in Eastern Europe and Central Asia commandeered the web browsers of visitors to certain gaming and video-streaming sites in order to mine the cryptocurrencies Feathercoin and Litecoin. In July, a security breach at San Francisco State University saw a number of malware files, including bitcoin mining software, end up on the school’s servers. And in September, Russian cybersecurity firm Kaspersky announced that between January and August 2017, its products protected 1.65 million users from malicious mining software. 

Adam Reese

Adam Reese is a Los Angeles-based writer interested in technology, domestic and international politics, social issues, infrastructure and the arts. Adam is a full-time staff writer for ETHNews and holds value in Ether.

ETHNews is commited to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Google, malvertising or other Ethereum technology news.