A new research shows that secure contexts such as sandboxed iframes can be abused to allow drive-by-downloads when visiting a website. The technique can be used to distribute unwanted software and malicious programs in the hopes that users will accidentally or mistakenly execute the downloads and get infected. With the release of Chrome 83, downloads are blocked in sandboxed cross-origin iframs, and the drive by-download technique did not work. Chrome 83 and Microsoft Edge 83 both allow it to block downloads, but Firefox and Brave browsers still allow it.
Source: https://www.bleepingcomputer.com/news/security/web-browsers-still-allow-drive-by-downloads-in-2020/