Google is doubling down on extensions for Chrome. The company is improving both the security for Chrome extensions, as well as taking actions to improve user’s privacy and give them increased control.
Starting with Chrome 70, Chrome will offer users with an option to directly control an extension’s access to read data from the sites they visit. Users will be able to limit an extension’s access to a specific domain, or all domains, or simply allow access when they manually click on the extension on a domain. This will ensure extensions aren’t randomly accessing users’ data when it’s not required, protecting their data and providing improved privacy.
“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional – because they allow extensions to automatically read and change data on websites. Our aim is to improve user transparency and control over when extensions are able to access site data,” the company said.
Going forward, Google will also ensure Chrome extensions follow industry standards. For extensions that require extensive permissions, Google will require them to go through a manual review process, while new code reliability requirements are being introduced to eliminate extensions with obfuscated code. The company says it will also require two-factor verifications for developers building Chrome extensions to prevent attackers taking over popular extensions. In a related note, Google’s next version of extensions’ manifests, Manifest v3, will offer more granular permissions access, as well as support for modern tech like service workers. the company announced.
Google’s focus on improving user’s privacy with the upcoming changes to Chrome will be more than appreciated. Chrome extensions often take advantage of users without them even knowing, and malicious extensions often destroy users’ privacy. The upcoming changes could help change that, especially now that things are a lot more transparent now.