Upcoming Chrome Web Store Changes Will Help Protect You From Malicious Extensions

Author Photo
Oct 1, 2018
12Shares
Submit

Google Chrome extensions, like all things on the internet, are inherently useful but a few bad apples here and there muddy the waters. Thankfully, Google is aware of the issue and has been working to make Chrome extensions safer. They no longer allow users to install extensions from outside the Chrome Web Store, which might seem tad overkill, but necessary. Additionally, they even removed extensions that were using cryptocurrency mining scripts.

screen-shot-2017-10-18-at-7-57-48-pmRelated Chrome 64 Automatically Cleans Up URLs When You Share Them

Today, they are announcing even more changes. In their present state, extensions can automatically read and change data on any website you visit. The scope of such power is extremely useful but can be malicious at times. Google wants to gives users more control over these powers. Google is announcing the following changes to make extensions more secure:

  1. User controls for host permissions: Beginning in Chrome 70, users will have the choice to restrict extension host access to a custom list of sites, or to
    configure extensions to require a click to gain access to the current page.
  2. Changes to the extensions review process: Going forward, extensions that request powerful permissions will be subject to additional compliance review.
  3. New code readability requirements: Starting today, Chrome Web Store will no longer accept new extensions that contain obfuscated JavaScript files,
    including any external code or resource fetched by the extension package
  4. Required 2-step verification: In 2019, enrollment in 2-Step Verification will be required for Chrome Web Store developer accounts.
  5. Manifest v3: In 2019, we will introduce the next version of the extensions platform.

Google says there are now over 180,000 extensions in the Chrome Web Store. For most desktop users, the Chrome Web Store is an integral part of their browsing experience. A seemingly innocuous extension hiding something malicious could slip by the untrained eye and it is essential that there are measures in place that prevent this.

Source: XDA developers

Submit