Google plays nice, wants to protect Windows users from malicious Chrome extensions

While the majority of Windows customers stick with Internet Explorer, a certain percentage opt for alternatives like Mozilla Firefox or Google’s Chrome web browser. One of the big selling points for both is the sheer number of extensions available. If there is something you want to do, chances are there is an extension (or multiple ones) available to help you accomplish it.

This capability and freedom have a darker side, though. Free software has become notorious for bundling toolbars and extensions, and many customers click past the warnings without taking the time to see what they are saying “ok” to. Search preferences get changed, unwanted pop-up ads appear and sometimes there are even worse outcomes.

Now Google is riding in on its white horse to save the day. Or at least it plans to — if you can manage to not get attacked before early next year. “We’re announcing a stronger measure to protect Windows users: starting in January on the Windows stable and beta channels, we’ll require all extensions to be hosted in the Chrome Web Store”, states Erik Kay, Engineering Director at Google.

The search giant points out that it will continue to support local extension installs during development, as well as installs via enterprise policy, and that all Chrome Apps will also continue to be supported normally. Developers who are hosting apps outside of the Chrome Web Store are on notice to move their apps into the store as soon as possible. Google promises “there will be no impact to your users, who will still be able to use your extension as if nothing changed. You could keep the extensions hidden from the Web Store listings if you like. And if you have a dedicated installation flow from your own website, you can make use of the existing inline installs feature”.

There is a long history of customers being bitten by unwanted extensions. While not all of them are malicious, it has become a major problem nonetheless, and Google’s move to eradicate this issue is long overdue. Bad guys may still find a workaround, but this is a start.
