Google Mulls Chrome Feature To Block Embedded Browser Cryptocurrency Miners

An increasing number of websites have turned to embedded cryptocurrency mining to generate revenue in place of (or in addition do) ads. One of the problems with this approach is that websites are not always transparent about this. And in other cases, legitimate websites that have been hacked could be running mining software on visitors' PCs without their knowledge. This has gotten the attention of Google, which is considering ways to prevent mining software from running in its Chrome browser.

Websites that take this approach use an online JavaScript-based miner called Coin Hive. What this does is inject JavaScript code into browsers to mine Monero, a form of cryptocurrency. Depending on how many instances of Coin Hive are running and how it is configured, a visitor to a website could be forking over anywhere from a small portion of CPU cycles to 100 percent uses in especially egregious scenarios.

Stop

One of the developers for Chrome has suggested a way to block this from happening. His proposal is to basically throttle tasks when a site causes CPU usage to spike. Here is what he said:
"If a site is using more than XX percent CPU for more than YY seconds, then we put the page into 'battery saver mode' where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.

I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100 percent and 60 seconds.

I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions (e.g. no requestUseLotsOfCPU method). It only triggers when the page is doing a likely bad thing."
Another suggestion that was brought up was to use a permission-based system, in which Chrome users would be able to green light browser mining on certain sites. However, another developer argued against the idea, saying "the mining library can throttle itself to stay just under the line, while legitimate applications will now trigger annoying permission popups."

He also pointed out that there are several extensions that can block miners, and that Google shouldn't fuss about baking this ability into Chrome. It will be interesting to see if that perspective wins out, or if Google ultimately decides to take matters into its own hands.

Via:  Google
Show comments blog comments powered by Disqus