Mining for cryptocurrency in web browsers is not a new thing, but recently some service providers like Coin Hive have arrived as alternatives to more traditional and intrusive ads making it super trivial to add to any website and more providers are popping up on a weekly basis.

Coin Hive is theoretically a good option, I may not opt for it on my sites but it’s cool that alternatives are being worked on.

The problem is that it’s going to be used as malware, it’s very likely to be injected into advertising networks that allow JavaScript to run or the payload of any cross side scripting attack.

In response to this, there’s an on-going thread on the Chromium Bug Tracker on intervening with pages that have a high CPU usage.

Ojan Vafai, the engineer assigned to Triage the issue replies

Here's my current thinking:

If a site is using more than XX% CPU for more than YY seconds, then we put the page into "battery saver mode" where we aggressively throttle tasks and show a toast allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely.



I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds.



I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions

An immediate side effect of this would be that it could also catch web games and other real time applications, throttling those might have users thinking “oh this game is a piece of crap” and never look back.

It also got me thinking, should Chrome, a product from Google which is primarily in advertisement really be blocking alternative to ads? Keep in mind that ad-blocking extensions already block sites like Coin Hive.