Cryptocurrency world has suffered a lot from the hackers.
Now, a new "disease" is so-called “malvertising", which uses online ads as channels to transmit script that causes visitors’ browsers to mine altcoins for the perpetrator.
Google software engineer, Ojan Vafai, proposes a modification to the Chrome browser that would inhibit and potentially prevent malvertising.
A modification for malvertising prevention
Initially, the man commented on the post about unauthorized mining that was being executed by code from the software firm Coin Hive, which had debuted its flagship mining product four days earlier. Thus, Vafai gives some recommendation to combat the issue.
If a site is using more than XX% CPU for more than YY seconds, then we put the page into ‘battery saver mode’ where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely. I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds. I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions (e.g. no requestUseLotsOfCPU method). It only triggers when the page is doing a likely bad thing.
Google software engineer
In other words, the solution would equip Chrome to recognize suspicious activity and take action to significantly impact the amount of processing power that mining software could appropriate by subjecting the culprit page to a setting that limits CPU usage. Chrome would simultaneously offer users the option to exit this power-saving state.
Yet it is rather unclear whether Google intends to implement any protections against malvertising or not. Still, the proposal has already drawn a lot of attention.