Ads

Breaking News

Google announces new changes to make Chrome extensions safer by default

Many Chrome extensions, without a doubt, are quite helpful but they can be quite powerful and demand too many permissions as well. To keep their level of access in check, Google has announced some new changes to Chrome extensions which will be helpful for users in assessing their trustworthiness. Google says that it is trying to implement such changes that make all Chrome extensions trustworthy by default. With the upcoming Chrome 70 update, users will be able to restrict extension host access to a preset list of sites so that they work only on the whitelisted websites. Extensions will also be made configurable to require a click to gain access to the current page. Google, in its blog post, says that the future chrome releases will continue to "improve user transparency and control over when extensions are able to access site data." Existing extensions should still work fine, but developers whose extensions request host permissions can view the transition guide here for more details. Google is also banning extensions with an obfuscated code on the Chrome Web Store and this policy is being applied to all new extension submissions as well. Those extensions that use obfuscated code will be able to submit updates for the next 90 days, but will be removed from the Chrome Web Store in early January in case they do not comply. Later, the company will also be introducing some new changes to the extension review process. Extensions that ask for powerful permissions will be subject to additional compliance review and those that host remote code will be monitored. Google advises developers, “Your extension’s permissions should be as narrowly-scoped as possible, and all your code should be included directly in the extension package, to minimize review time.”  In 2019, Chrome Web Store developers will need to have two-factor authentication enabled for their accounts. "If your extension becomes popular, it can attract attackers who want to steal it by hijacking your account," Google says, "and 2-Step Verification adds an extra layer of security by requiring a second authentication step from your phone or a physical security key." Enrollment for 2FA has already begun and one can apply for it here.  Additionally, a new extension manifest version (v3) will be announced next year, which will have better permission controls and support Service Workers as a new type of background process. Service Worker is a script that Chrome runs in the background.

from Latest Technology News https://ift.tt/2zNRRHX

No comments