Google, owned by Alphabet Inc. (NASDAQ: GOOGL), recently announced a series of changes, including a new rule for developers that makes Chrome extensions more secure.
Google’s Chrome browser will handle extensions, seeking way too many permissions in an efficient way. Additionally, the company will slate new requirements for developers who want to publish extensions in the Chrome Web Store.
Not under wraps anymore, extensions have been that major point of the compass for malicious developers to gain private data, irrespective of whatever browser is used. However, on a preventive note, Google has kept eagle eyes over the detection of malicious extensions that may hamper smooth functioning before it gains entry into the store.
Now that Google has already made extensive changes in its browser to maintain the efficacy of the same, the recent changes are like taking up the fight a notch higher.
Google Chrome Extensions: No More Obfuscated Codes!
As of Monday, developers are barred from submitting extensions that include complicated codes. According to Google, over 70% of malicious and policy-violating extension lurks behind such obfuscated codes.
Obfuscation is an act of deliberately creating intricate, puzzled source codes which are baffling, and at the same time, difficult for human comprehension.
Given that code obfuscation leads to the performance hit, the argument surfaces the corner that there’s no use of code obfuscation at all. Hence, Google argues that the reason to ban such extensions altogether holds just right. January 1st has been deemed as a deadline for developers to get rid of any such obfuscated codes from their extensions and update the same with easily accessible codes.
Another change in the slate of changes is that the company will provide liberty to users to restrict an extension’s permission for data or service manipulation on a per-site basis. When a Chrome extension is given permission to alter any website data in the history, the extension could also manipulate this permission across other sites. This doesn’t just sound harmful but, in fact, proves to be one too!
Again, when it comes to permissions, Google is also looking forward to introducing new tools and better-scope APIs, which will reduce the need for broader permissions or authentications. Additionally, this will keep users in the driver’s seat while granting access to any such extensions.
Google also plans to introduce a stringent measure to look up ‘powerful permission’ extension requests and will monitor remotely hosted codes.
Two Step Verification to be Mandated
To be ushered-in in 2019, Google will require two-factor authentication to access Chrome Web Store. With this change, a malicious actor can’t take over a developer’s account and publish a hacked extension.
This rule is not for extensions but is only applicable to extension developers. Google will mandate the use of this two-step verification for all extension developers.
With two-step verification, Google aims at preventing phishing cases where hackers can masquerade as a developer and, worse, hack into one in order to legitimate Chrome extensions. This will damage both the extension as well as the site’s credibility.
Will It Be Extra Work For Developers?
“We recognise that some of the changes announced today may require effort in the future, depending on your extension. But we believe the collective result will be worth that effort for all users, developers, and for the long term health of the Chrome extensions ecosystem.”
Herein, “Oh No – Extra work! ” stands true if you’re a developer, and Google won’t even deny this disclaimer.
However, for serious extension developers – this shouldn’t be much of a headache. It is quite obvious that dedicated developers will want to protect their users alike Google.