Google is making a move to reduce the risk of crypto hacks and mining malware. This they are doing by introducing stricter rules for Chrome extension developers.
Google revealed this in a post:
“It’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions’ capabilities and data access.”
From Chrome 70 (currently in beta), users will have the ability to restrict an extension’s access to a custom list of sites, or to set extensions to require permission each time they need to gain access to a page, the company explains.
The web and technology giant adds that extensions that request “powerful permissions” will be subjected to “additional compliance review.”
“We’re also looking very closely at extensions that use remotely hosted code, with ongoing monitoring,” the post states.
Moreover, an explanation to this was further given, saying:
“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional … Our aim is to improve user transparency and control over when extensions are able to access site data.”
From Monday, extensions with hidden, or obfuscated, code will no longer be allowed on Chrome Web Store. While 90 days grace would be given to extensions with obfuscated code to comply with the new rule.
According to the post, more than 70 percent of “malicious and policy violating extensions” that Google blocks from the Web Store contain obfuscated code. Further, as obfuscation is “mainly used to conceal code functionality,” it greatly adds to the complexity of the Google’s extension review process.
Moves To Reduce Hacks
Googles has also revealed that from 2019, for security measures, all extension developer accounts must be protected by 2-step verification to lower the risk of hackers taking over an account.
This new measures are to reduce the the risk of crypto hacks and mining malware.