Google Chrome Extensions Are About to Get More Secure

Google is doubling down on extensions for Chrome. The company is improving both the security for Chrome extensions, as well as taking actions to improve user’s privacy and give them increased control.

Starting with Chrome 70, Chrome will offer users with an option to directly control an extension’s access to read data from the sites they visit. Users will be able to limit an extension’s access to a specific domain, or all domains, or simply allow access when they manually click on the extension on a domain. This will ensure extensions aren’t randomly accessing users’ data when it’s not required, protecting their data and providing improved privacy.

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional – because they allow extensions to automatically read and change data on websites. Our aim is to improve user transparency and control over when extensions are able to access site data,” the company said.

Going forward, Google will also ensure Chrome extensions follow industry standards. For extensions that require extensive permissions, Google will require them to go through a manual review process, while new code reliability requirements are being introduced to eliminate extensions with obfuscated code. The company says it will also require two-factor verifications for developers building Chrome extensions to prevent attackers taking over popular extensions. In a related note, Google’s next version of extensions’ manifests, Manifest v3, will offer more granular permissions access, as well as support for modern tech like service workers. the company announced.

Google’s focus on improving user’s privacy with the upcoming changes to Chrome will be more than appreciated. Chrome extensions often take advantage of users without them even knowing, and malicious extensions often destroy users’ privacy. The upcoming changes could help change that, especially now that things are a lot more transparent now.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 5 comments

  • dontbe evil

    02 October, 2018 - 5:03 am

    <p>google, chrome and secure in the same sentence</p><p><br></p><p>BHAUHAUHAUAHUAUAHAUAH</p>

    • locust infested orchard inc

      03 October, 2018 - 7:13 am

      <blockquote><em><a href="#337269">In reply to dontbe_evil:</a></em></blockquote><p>Yeah, an oxymoron.</p>

  • RM

    02 October, 2018 - 7:56 am

    <p>Sounds like Google might be trying to make people believe it cares about privacy, when it really only cares if third parties get access to personal data. Google wants all of your personal data that it can get away with. If only Google has your personal data, it has the advantage over other competitors/partners.</p>

    • Chris_Kez

      Premium Member
      02 October, 2018 - 9:55 am

      <blockquote><em><a href="#337303">In reply to RM:</a></em></blockquote><p>Kind of like how Google is now working to block "bad" ads. This way people are less inclined to use a real ad blocker, and Google can serve up all of their ads unencumbered.</p>

  • MikeGalos

    02 October, 2018 - 10:47 am

    <p>Shouldn't that headline be "Google claims to finally fix massive security holes in Chrome extensions"?</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC