Google Chrome Extensions Are About to Get More Secure

Posted on October 1, 2018 by Mehedi Hassan in Google with 5 Comments

Google is doubling down on extensions for Chrome. The company is improving both the security for Chrome extensions, as well as taking actions to improve user’s privacy and give them increased control.

Starting with Chrome 70, Chrome will offer users with an option to directly control an extension’s access to read data from the sites they visit. Users will be able to limit an extension’s access to a specific domain, or all domains, or simply allow access when they manually click on the extension on a domain. This will ensure extensions aren’t randomly accessing users’ data when it’s not required, protecting their data and providing improved privacy.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional – because they allow extensions to automatically read and change data on websites. Our aim is to improve user transparency and control over when extensions are able to access site data,” the company said.

Going forward, Google will also ensure Chrome extensions follow industry standards. For extensions that require extensive permissions, Google will require them to go through a manual review process, while new code reliability requirements are being introduced to eliminate extensions with obfuscated code. The company says it will also require two-factor verifications for developers building Chrome extensions to prevent attackers taking over popular extensions. In a related note, Google’s next version of extensions’ manifests, Manifest v3, will offer more granular permissions access, as well as support for modern tech like service workers. the company announced.

Google’s focus on improving user’s privacy with the upcoming changes to Chrome will be more than appreciated. Chrome extensions often take advantage of users without them even knowing, and malicious extensions often destroy users’ privacy. The upcoming changes could help change that, especially now that things are a lot more transparent now.

Tagged with ,

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (5)

5 responses to “Google Chrome Extensions Are About to Get More Secure”

  1. dontbe evil

    google, chrome and secure in the same sentence


  2. RM

    Sounds like Google might be trying to make people believe it cares about privacy, when it really only cares if third parties get access to personal data. Google wants all of your personal data that it can get away with. If only Google has your personal data, it has the advantage over other competitors/partners.

    • Chris_Kez

      In reply to RM:

      Kind of like how Google is now working to block "bad" ads. This way people are less inclined to use a real ad blocker, and Google can serve up all of their ads unencumbered.

  3. MikeGalos

    Shouldn't that headline be "Google claims to finally fix massive security holes in Chrome extensions"?