Google Considers Adding a Permission to Block Cryptocurrency Miners Hijacking Browsers
A growing number of website operators are shifting to use in-browser cryptocurrency miners to replace ads. But the mining scripts recommend websites to take consent from their users before minting money off of their resources. While the mining tools promote this business as a way to replace online ads, so far the scripts have been predominantly used either by the cybercriminal community or by the legitimate companies and websites, but without informing their visitors.
Here at Wccftech too, we had to deal with a similar issue when the firm responsible for our newsletters pushed a cryptocurrency miner without our knowledge. While we did remove the script once we learned about it, the episode shows how even the legitimate companies are falling for these miners infecting their own clients as these scripts are extremely easy to use. In our earlier reports on cryptocurrency miners, we have advised users who don’t want websites to use their computer resources to opt for Chrome extensions like AntiMiner that block these scripts. Some anti-virus programs and adblockers have also started to block cryptocurrency miners.
But what if there was an easier solution to this problem that could block miners until the industry is better equipped to “legitimately” replace ads with miners with user consent?
Google considers in-browser permissions to block cryptocurrency miners
Engineers at Google are now looking to add a permission in Chrome to automatically block browser cryptocurrency miners. When asked by users on a bug report (spotted first by BleepingComputer), Ojan Vafai, a Chrome engineer, mentioned about such a possibility saying that “we should do something about it.” Asking users about possible solutions, he proposed to throttle tasks when a site uses CPU resources aggressively.
If a site is using more than XX% CPU for more than YY seconds, then we put the page into “battery saver mode” where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.
I think we’ll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds.
I’m effectively suggesting we add a permission here, but it would have unusual triggering conditions (e.g. no requestUseLotsOfCPU method). It only triggers when the page is doing a likely bad thing. raymes, does that sound bad to you?
It is quite early to hope for such a functionality since the discussion has only recently started around the growing use of cryptocurrency miners. But looking at how criminals have aggressively started using miners to attack websites and users, it wouldn’t be surprising to see a non-extension based solution coming from the browser makers very soon.