Google Chrome

This year has seen many crypto related attacks in many countries throughout the world. Even though companies and governments are taking measures, the attacks seem to be increasing. Now it’s time for a mega-corporation to step in. Google has decided to enforce stricter rules for Google Chrome extension developers. This move will reduce the risk of mining malware and other forms of crypto attacks. The developers aim to ensure the safety of the casual Google Chrome users.

Google Chrome will enforce stricter rules for extensions

The announcement came in the form of a blog post and it stated:

It’s crucial that users are able to trust the extensions they install on Google Chrome. They must be safe, performant and privacy preserving. It’s important that users have full transparency about their extensions’ capabilities and data access at all times.”

The changes, which Google is planning will affect the way Chrome handles extensions, which request extensive permissions. Goggle will also be tightening the rules for developers, who wish to distribute their extensions through the official Google Chrome Web Shop.

Chrome 70, which is currently in its beta phase, will allow users to restrict the extensions’ access to specific websites. Users will also be able to make extensions require permission every single time they try to gain access to a website. Permissions who are deemed to be “very powerful” will also be subject to an additional compliance review.

Google bases their reasoning behind the move on the increasing misuse of permissions. While permissions have allowed for many creative uses of extensions, they’ve also caused a lot of harm. Some of it unintentional, but serious nonetheless. Google stated that starting October 1st, the Web Shop will remove all extensions with a hidden or obfuscated code. All extensions sharing the description will have 90 days in order to comply with the requirements.

This is a great step towards security because according to the blog post, more than 70% of the extensions, who cause users harm, contain obfuscated code. The prime use of this code is to conceal some of the code’s intended functions. Naturally, this will increase the complexity of Google’s extension review process.

A final step will be added as a security measure next year. Starting 2019, all developer accounts will be protected by a 2-step verification. This will lower the risk of hackers taking over extension developers’ accounts.

With the frequent cases of user computers being used to mine cryptocurrencies, Google had no choice but to step in. Hopefully the new measures will be enough to counteract the huge growth in mining malware.

Read more:

Share This
Inline
Inline