Google Bans Obfuscated Chrome Extensions to Cryptojackers’ Woe
Technology behemoth Google announced it will be taking crucial steps to ban any browser extensions that could potentially be targeting internet users’ digital assets.
According to a recent press release, the company announced some of their upcoming plans to provide Chrome user’s with even more privacy and security when adding extensions to their browsers. And, not only will they be banning new extensions, but they will also be delisting all existing extensions that run any crypto mining scripts.
In the report, Google stated that “We’ve recently taken a number of steps toward improved extension security with the launch of out-of-process iframes, the removal of inline installation, and significant advancements in our ability to detect and block malicious extensions using machine learning.”
A Step Towards Safer Browser Extensions
Until now, Chrome’s Web Store had been accepting cryptocurrency mining extensions, so long as the developers complied with the company’s policy to inform their users about running the mining script.
However, in June 2018, Google mentioned in a blog post that, “approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies.”
Recently, Google has also made mentions that over the past few months, there has been a significant rise in the number of malicious extensions that seek to hijack users’ digital assets. So, with this in mind, it should be easy to see why Google has made the ban on any extension that poses even the slightest risk to Chrome users.
Chrome’s Upcoming Changes
User controls for host permissions
Chrome users will now be able to configure their browser’s extensions to require a lock before it can gain access to the current page. As well as, being able to restrict extension host access to a customizable list of websites.
Improved Extension Review Process
Any extensions that require permissions will now be subject to an additional compliance review before being approved for the Web Store.
New Code Requirements
The Web Store will no longer be allowing browser extensions with obfuscated code. This includes both existing, as well as new extension submissions. Any extensions with an obfuscated code will be delisted from the Web Store if not compliant within the next 90 days.
As of 2019, all developer accounts will require enrollment in two-step verification before being able to submit browser extensions to the Web Store. This is meant to create an additional layer of safety and will require authentication from a developers phone or by creating a physical security key.
Along with these upcoming change’s to the Web Store’s policies, as of 2019, Google will introducing Manifest v3, which will see even more changes being made to the platform to add even more security, privacy and browser performance.