Google Chrome May Add a Permission to Stop In-Browser Cryptocurrency Miners

Google Chrome engineers are considering adding a special browser permission that will thwart the rising trend of in-browser cryptocurrency miners.

Discussions about in-browser miners have been under way on the Chromium project’s bug tracker since mid-September, when Coinhive, the first such service, launched.

A permission to block JS code that ramps up CPU usage

To Bleeping Computer’s knowledge, there have been at least two complaints (bug reports) from concerned Chrome users who did not like having their resources hijacked by in-browser miners.

“Here’s my current thinking,” Ojan Vafai, a Chrome engineer working on the Chromium project, wrote in one of the recent bug reports.
If a site is using more than XX% CPU for more than YY seconds, then we put the page into “battery saver mode” where we aggressively throttle tasks and show a toast [notification popup] allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.

I think we’ll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds.

I’m effectively suggesting we add a permission here, but it would have unusual triggering conditions […]. It only triggers when the page is doing a likely bad thing.

Discussions on this bug report are still ongoing, and Vafai’s suggestion has not been formally approved, even if another engineer thought it a good idea.
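
A sketch of the rule Vafai describes, as an added example that is not Chromium code and not part of the original article. The class, method and action names are hypothetical, and treating both thresholds as inclusive is an assumption.

```javascript
// Added illustration of the proposed "battery saver mode" trigger.
// Not Chromium code: every name below is hypothetical.
class CpuThrottlePolicy {
  constructor({ cpuPercent = 100, seconds = 60 } = {}) {
    this.cpuPercent = cpuPercent; // "XX" in the proposal
    this.seconds = seconds;       // "YY" in the proposal
    this.runStart = null;         // time the current high-CPU run began
    this.batterySaver = false;
    this.optedOut = false;        // user opted out through the toast
  }

  // Feed one sample (t in seconds, cpu in percent); returns the tab action.
  sample({ t, cpu, backgrounded = false }) {
    if (this.optedOut) return 'run';
    if (this.batterySaver) return backgrounded ? 'stop' : 'throttle';
    if (cpu >= this.cpuPercent) { // assumption: threshold is inclusive
      if (this.runStart === null) this.runStart = t;
      if (t - this.runStart >= this.seconds) {
        this.batterySaver = true;
        // Assumption: the toast is only shown for a foreground tab.
        return backgrounded ? 'stop' : 'throttle+toast';
      }
    } else {
      this.runStart = null; // a dip below the threshold resets the timer
    }
    return 'run';
  }

  optOut() {
    this.optedOut = true;
    this.batterySaver = false;
  }
}

// Replays a list of samples through a policy and collects the actions.
function replay(samples, policy = new CpuThrottlePolicy()) {
  return samples.map((s) => policy.sample(s));
}

// Constructed samples: a tab pinned at 100% CPU, later backgrounded.
const SUSTAINED_TAB = [
  { t: 0, cpu: 100 }, { t: 30, cpu: 100 }, { t: 60, cpu: 100 },
  { t: 90, cpu: 100 }, { t: 120, cpu: 100, backgrounded: true },
];
// Constructed samples: a tab with short bursts that never last 60 seconds.
const BURSTY_TAB = [
  { t: 0, cpu: 100 }, { t: 30, cpu: 100 }, { t: 45, cpu: 20 },
  { t: 60, cpu: 100 }, { t: 100, cpu: 100 },
];
```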

Google can’t block in-browser miners via a blacklist

The prospect of a browser permission that blocks JavaScript tasks causing high CPU usage for extended periods is a step forward.

In another bug report filed in mid-September, Google engineers rejected the idea of blocking a miner’s JavaScript code at the browser level via a blacklist, calling it impractical.

“We cannot, realistically, fingerprint and block this pattern of computation,” said Adam Langley, a Chrome engineer working on the Chromium project. “[W]eb sites will be able to outrun us by mutating the code. Blocking the loading of these scripts is thus something for extensions.”

For now, Chrome users can block in-browser miners via extensions like AntiMiner, No Coin, and minerBlock. Some ad blockers and antivirus products can also block some of these miners.
October 19, 2017