Google To Lock Down The Chrome Extensions

Google is taking action to improve the security of the Chrome Web Store, adding new security and fix down on unsecured practices.

The Chrome Web Store, that allows users to add extensions to their Chrome browser, has a somewhat irregular reputation for security, and has frequently been found to hosting malevolent extension that silently observe on users and loot their personal data.

Regarding Chrome extensions, Google announced many changes, some of which are effectively immediately and some of which taking effect in coming months.

Google explained the reasoning behind this change in its blog post:

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse- both malicious and unintentional- because they allow extension to automatically read and change data on websites. Our aim is to improve user transparency and control over when extensions are able to access site data. In subsequent milestones, we’ll continue to optimize the user experience toward this goal while improving usability.”

The tech tycoon is aiming to stamp this out, and introducing new secure privacy and security features such as a tougher permission's system. In new system extension will not work automatically, the system allow users to specify if they want to run extension on specific sites, all sites or to only run when the extension is clicked by the users. This system reduces the chance an extension could gather data of the users.

The new secure system is the part of Google Chrome Version 70, which is due to general release this month. The new changes will get user trust on Chrome Extensions.

There are many malicious and unsecured extensions on chrome that contain obfuscated code. Google will block all the extensions that have obfuscated code because obfuscation is manly used to steal the user data without their permission. These extensions will not be allowed to be submitted to the web store, and existing extensions that use it has 3 months to replace it before they removed. The removal malicious extensions from chrome store will likely bring performance benefits and improve users security.