03 Oct 2018 Josphat Kariuki
Google Announces Chrome Extension Enhancements to Protect from Hackers and Miners
The users will soon enjoy improved security and get better protection against malicious software. That includes tools used by dubious users for stealing cryptocurrencies, hidden miners and others.
Google Improvements Aimed at Boosting the Security of Chrome Extensions
Recognizing the importance of users to trust the security of their extensions, Google has recently moved to enhance its popular web browser. New chrome extensions will have improved detection of malicious add-ons by using machine learning techniques.
Now that Google has announced improvements intended to make Chrome extensions trustworthy by default, users will be safe against hidden mining and crypto jacking. According to a Chromium blog post, Chrome 70 (or above) users will have the power to restrict the access of various extensions to their desired list of sites. Additionally, users will have the ability to configure their extensions to ask for permission when trying to access a certain page.
The improvements will be very helpful, given that host permissions give extensions the power to read and make changes to data on websites. That may result in malicious use.
According to Google, the company aims at encouraging user transparency and control over the extensions that access site data. The company also promises to continue optimizing the user experience, while promoting usability. Google further explains that they want to ensure that extensions requesting extra permissions are subject to additional compliance. The team working on the changes is also using a remote hosted code to examine extensions closely.
While addressing developers, Google stated that extension’s permissions should have a very narrow scope. The company further added that the entire code should be directly included in the extension to reduce the review time.
Two-Step Authentication for Chrome Web-Store Developers
As Google continues to make changes in their rules, a review process for authenticating new extensions has also been introduced. Chrome web store will not feature any extensions that have obscured code. This new policy applies for all new submissions and relates to the code featured in the extension package. The policy also pertains to any external code and other resources on the internet.
According to Google, current extensions with obscured code will have 90 days to submit updates. Failure to implement the changes will result in the extensions being dropped from the Chrome Web Store as of January 2019. The company also revealed that 70% of their blocked extensions contain obscured code.
Other changes include the introduction of the two-step authentication, mandatory for all developer accounts. The measure will boost the security of the users and protect them against hacking. Google is also planning to introduce additional changes in 2019 to enhance security, performance and privacy, as part of the upcoming extension manifest.
The current manifest release (Manifest V3) will feature narrowly-scoped API’s and also decrease the need for having overly-broad access. Moreover, it will feature a simple control mechanism for user-granted permissions.