There is a reason why it has been advised that users should not visit suspicious looking websites or click on suspicious links. Google has recently attempted to educate users on the dangers of that where these links could try to get users to give up their passwords to their banks and so on.
This was actually detailed by Chromium’s Yao Xiao in a public Google Docs document where it was written, “Content providers should be able to restrict whether drive-by-downloads can be initiated for content in iframes. Thus, we plan to prevent downloads in sandboxed iframes that lack a user gesture, and this restriction could be lifted via an ‘allow-downloads-without-user-activation’ keyword, if present in the sandbox attribute list.”
This sounds like it would be an immensely useful tool at protecting users who might not otherwise be aware that such dangers exist. There is no word on when the feature is expected to be released, but we’ll keep an eye out for it.