For some time now we’ve been seeing companies like Google and Firefox working to make their extensions more reliable. Mainly after the latter had problems with 23 of their extensions because they took private data from users. In turn, Google was not left behind and, after detecting several misleading extensions has chosen to integrate improvements around the security of these applications.
In this context, James Wagner, product manager of Chrome Extensions, said in a post on Google’s blog that new measures will be added to ensure the security of Chrome users who have access to the more than 180,000 extensions of the webshop.
“Google will provide more security and privacy to the 180,000 Chrome Web Store extensions.” For this reason, Mountain View has announced the creation of several rules to make its extensions more secure and reliable. This new feature will be integrated into Google Chrome version 70, which will be released later this month. Although these changes include general access to your browser data, there will soon be an option to whitelist sites that can be accessed.
Another Google measure is the two-step review that developers should enable in their Chrome Web Store accounts to add an additional layer of protection against attackers who want to compromise their account by sending malicious copies of their extensions to the shop.
In addition, the company plans to add an online installation, automatic learning-based blocking of malicious extensions, and process-independent iframes. But that won’t be all, because Google is planning a new manifesto of extensions in 2019, called Manifesto v3, which will include “guarantees of security, privacy, and performance more robust”.