Google has announced stricter measures for Google Chrome that will protect users from extensions which could violate their privacy or maliciously attack their system. The changes which were announced on Monday will further protect users from extensions with codes that secretly mine cryptocurrency otherwise known as cryptojacking.
User Controls for Extension Permissions
The new version of Chrome will include controls that allow users to limit the permissions each extension has access to. As Google explained:
“It’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions’ capabilities and data access.”
Stricter Review for Extensions
Google also introduced new requirements for extension reviews before they are made available to users. It announced “additional compliance review” and monitoring for extensions with “powerful permissions”, and use remotely hosted code.
“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional,” it explained.
While making it compulsory for developer accounts to use 2-step verification for security, Google banned extensions which had hidden or obfuscated codes in them. It explained that they constituted 70 percent of “malicious and policy-violating extensions.”
As Smartereum reported, Google had banned cryptocurrency mining extensions from Chrome in April as they were abused by scammers and hackers as the mining scripts are usually interlaced with codes to continue mining in the background without the user’s knowledge. By eliminating extensions with secret codes, Google would be preventing cryptojacking on the Chrome.
The changes will be effective in its next version, Chrome 70 which is undergoing beta testing. Developers were given three months to comply with the new rules.