Google is making some changes to better protect Chrome users from malicious extensions. Recently, Google has been working to make Chrome extensions safer. They no longer allow users to install extensions from outside the Chrome Web Store and they removed extensions that were using cryptocurrency mining scripts. Today, they are announcing even more changes.
Currently, extensions have a lot of power. They can automatically read and change data on any website you visit. There’s are tons of awesome uses for this, but it can easily be abused. Google wants to gives users more control over these powers. Today, Google is announcing the following changes to make extensions more secure:
- User controls for host permissions: Beginning in Chrome 70, users will have the choice to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.
- Changes to the extensions review process: Going forward, extensions that request powerful permissions will be subject to additional compliance review.
- New code readability requirements: Starting today, Chrome Web Store will no longer accept new extensions that contain obfuscated JavaScript files, including any external code or resource fetched by the extension package
- Required 2-step verification: In 2019, enrollment in 2-Step Verification will be required for Chrome Web Store developer accounts.
- Manifest v3: In 2019, we will introduce the next version of the extensions platform.
New option when you right-click an extension
Google says there are now over 180,000 extensions in the Chrome Web Store. With Android apps on Chromebooks, extensions have become a little less important. But for desktop users, the Chrome Web Store remains to be a valuable asset. Google says nearly half of all Chrome users actively use extensions. You can see why it’s so important to make sure these extensions are behaving properly.
0 comments:
Post a Comment