Tweak to Chrome Performance Will Indirectly Stifle Cryptojacking Scripts

Haythem Elmir

A change meant to improve Google Chrome performance will also indirectly impact cryptojacking scripts (in-browser cryptocurrency miners) and will severely reduce their efficiency.

According to a design document seen by Bleeping Computer, Google engineers plan to limit the CPU power some types of JS scripts running in the browser’s background will be able to use.

Throttling system already in place

Chrome has included a throttling system for background JavaScript code since version 57, released in March 2017.

Back then, Google decided to limit a background tab’s JavaScript "timer" operations to no more than 1% of a CPU core.

Google made the move to prevent background tabs from running JavaScript code that was not needed or did not produce visible results for the end user.

Throttling system expanded to service workers

Now, Google is expanding this throttling mechanism to service workers (JavaScript code that a browser runs in the background).

JavaScript-based cryptocurrency miners —such as the ones provided by Coinhive, Crypto-Loot, and all similar services— rely on service workers.

The same limitation applies, and JavaScript service workers running in background tabs will not be able to access more than 1% of the entire CPU processing power. This means cryptojacking scripts won’t be able to run rampant and drive CPU usage to 100% if the user changes to another tab.
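The effect of a 1% cap on a script that tries to run continuously can be seen with a small simulation. This is an added example, not code from the article or from Chrome; the budget model (a task may start only while its CPU-time budget is non-negative, and the budget refills at a fixed fraction of elapsed time), the function name, and the 50 ms workload are assumptions made for illustration.

```javascript
// Simplified model of a background CPU-time budget (assumption: the budget
// refills at `regenRate` ms per elapsed ms, and a task may only start while
// the budget is non-negative). Uses a virtual clock, no real timers.
function simulateBackgroundBudget({ taskCostMs, durationMs, regenRate }) {
  let wallMs = 0;   // virtual wall-clock time
  let cpuMs = 0;    // CPU time the script actually received
  let budgetMs = 0; // goes negative once a task has overdrawn it
  let tasks = 0;

  while (wallMs < durationMs) {
    if (budgetMs < 0) {
      // Throttled: the next task is deferred until the budget is back at zero.
      wallMs += -budgetMs / regenRate;
      budgetMs = 0;
      continue;
    }
    // Allowed: run one task, charge its cost, credit the refill earned meanwhile.
    wallMs += taskCostMs;
    cpuMs += taskCostMs;
    budgetMs += taskCostMs * regenRate - taskCostMs;
    tasks += 1;
  }
  return { tasks, cpuMs, wallMs, cpuShare: cpuMs / wallMs };
}

// Constructed workload: a script that queues 50 ms chunks of work back to back
// for ten minutes, once unthrottled and once under a 1% budget.
const TEN_MINUTES_MS = 10 * 60 * 1000;
const unthrottled = simulateBackgroundBudget({
  taskCostMs: 50, durationMs: TEN_MINUTES_MS, regenRate: 1,
});
const throttled = simulateBackgroundBudget({
  taskCostMs: 50, durationMs: TEN_MINUTES_MS, regenRate: 0.01,
});

console.log("unthrottled:", unthrottled.tasks, "tasks, CPU share",
  unthrottled.cpuShare.toFixed(3));
console.log("throttled:  ", throttled.tasks, "tasks, CPU share",
  throttled.cpuShare.toFixed(3));
```

Under this model the throttled script completes about one hundredth of the work in the same wall-clock time, which is why a miner in a background tab stops being worthwhile.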

Change is part of a bigger (unrelated) plan

Last year, Google publicly announced it was going to throttle background JavaScript service workers, so Google did not make this change as part of a move to block or reduce the efficiency of cryptojacking scripts.

Even if this change is part of a master plan to improve Chrome performance, Google engineers are particularly happy that this will impact cryptojackers as well.

"The goal of this intervention is to prevent scripts (particularly malicious ones) to adversely affect browsing performance and battery life for work users can’t see," wrote Google engineers in the design document.

"This intervention also addresses the recent rise of malicious scripts performing power-heavy computations without user permission (e.g. cryptocurrency mining)," they also added.

Here are the current particularities of Google’s implementation plan:[….]
