Google Chrome extensions have been both boon and bane to its users. There are currently more than 1,80,000 extensions available in use such as for blocking adds, checking grammar, managing passwords and so on. On one side of the coin, they offer advantages to the user to gain firm control of the browser. On the other hand, the extensions also happen to be the main source for malicious developers who seem to use it as a window to gain access to the user’s data. With a view to offer a sizeable control of the extensions and to crack down malicious extensions Google today announced a slew of new changes. The changes also include instructions to the developers who wanted to make their way into the chrome web store.
Over the years, Google has taken all the necessary steps and improved its ability to detect malicious extensions before they make their way to the Chrome web store. With the new changes, Google has taken this a bit further to ensure better control of the extensions. Now, Google allows you to control the access of extensions to all the websites you browse. You can chose a list of websites that allow extension to have control over them. So, each time before they run, they need to seek the permission of the user to proceed further.
Further, Google closely scrutinises the applications that asks for a lot of permissions and are now subject to a more thorough review process. Also, it rejects the extensions that come with obfuscated code (encrypted code that is hard to read). Most of the developers use obfuscated code to hide their code, hence preventing the hackers from stealing their code. But now Google removes all the extensions possessing obfuscated code with in 90 days.
Starting from 2019, it require extension developers to make sure of the two-factor authentication, so as to prevent the malicious players to hack a developer account and publish a hacked extension. Also, Google would introduce new mechanisms and narrowly scoped APIs that reduce the need for broader permissions and will give users more control over the access they grant to the extensions.