How Google Made Chrome Extensions More Secure Just By A Single Rule Change For Developers?

Must Read

Happy B’Day Gordon Moore: One Of The Founding Fathers Of Silicon Valley

Gordon Earle Moore co-founded the paramount Intel Corporation (NASDAQ: INTC) with Robert Noyce in July 1968, which is worth $204.16...

WhatsApp Might Lose 60 Million Indian Users Post Updated Policy Changes, New Survey Reveals!

The Facebook-owned instant messaging platform’s decision to update their privacy and terms of service brought about a...

Uber and Ola In Hot Water: India Authorities Launch Fresh Probe!

The Directorate General of Goods and Services Tax Intelligence (DGGI) sent a summons to Uber and Ola...

Google, owned by Alphabet Inc. (NASDAQ: GOOGL), recently announced a series of changes looming here!

Google’s Chrome browser will handle extensions, seeking way too many permissions in an efficient way. Additionally, the company will slate new requirements for developers who want to publish extensions in the Chrome Web Store.

Not under wraps anymore, extensions have been that major point of compass for malicious developers to gain private data, irrespective of whatever browser is used. However, on a preventive note, Google has kept eagle-eyes over the detection of malicious extensions that may hamper smooth functioning, before it gains entry into the store.


Now that Google has already made extensive changes in its browser to maintain the efficacy of the same, the recent changes are like taking up the fight a notch higher.

Google Chrome Extensions: No More Obfuscated Codes!

As of Monday, developers are barred from submitting extensions that include complicated codes. According to Google, over 70% of malicious and policy-violating extension lurks behind such obfuscated codes.

Obfuscation is an act of deliberately creating intricate, puzzled source codes which are baffling, and at the same time, difficult for human comprehension.

Given the fact that code obfuscation leads to the performance hit, argument surfaces the corner that there’s no use of code obfuscation at all. Hence, Google argues that the reason to ban such extensions altogether holds just right.  January 1st has been deemed as a deadline for developers to get rid of any such obfuscated codes from their extensions and update the same with easily accessible codes.

Per-site Permissions

Another change in the slate of changes is that the company will provide liberty to users to restrict an extension’s permission for data or service manipulation on a per-site basis. When a Chrome extension is given the permission to alter any website data in the history, the extension could also manipulate this permission across other sites. This doesn’t just sound harmful but in fact proves to be one too!


Again, when it comes to permissions, Google is also looking forward to introducing new tools and better scope APIs which will reduce the need for broader permissions or authentications. Additionally, this will keep users at the driver seat while granting access to any such extensions.

Google also plans at introducing a stringent measure to look up at ‘powerful permission’ extension requests and will monitor remotely hosted codes.

Two Step Verification to be Mandated

To be ushered-in in 2019, Google will require two-factor authentication for access to Chrome Web Store.  With this change, a malicious actor can’t take over a developer’s account and publish a hacked extension.

This rule is not for extensions but only applicable for extension developers. Google will mandate the use of this two-step verification for all extensions developers.

With two-step verification, Google aims at preventing phishing cases where hackers can masquerade in as a developer, and worse, hack into one in order to legitimate Chrome extensions. This will damage both the extension as well as the site’s credibility.

Will It Be Extra Work For Developers?

“We recognise that some of the changes announced today may require effort in the future, depending on your extension. But we believe the collective result will be worth that effort for all users, developers, and for the long term health of the Chrome extensions ecosystem.”

Herein, “Oh No – Extra work! ” stands true if you’re a developer and, Google won’t even deny this disclaimer.

However, for serious extension developers – this shouldn’t be much of a headache. It comes quite obvious, that dedicated developers will want to protect their users alike Google.



Please enter your comment!
Please enter your name here

Latest News

The Slip-Ups Keep On Coming: WhatsApp Web Users’ Mobile Data Leaked On Google

As the developments have unfolded over the past week, the clock for WhatsApp seems to be ticking...

Trump Administration Has Landed Its Final Blow On Chinese Companies: Xiaomi Blacklisted!

In its recent move to safeguard national security, the United States’ Trump Administration has decided to go after China’s second-biggest smartphone marker...

Huawei Is Gunning For Acquiring A Fifth Of Android’s Userbase With Its Own HarmonyOS!

After Google’s ban on Huawei in 2019, the Chinese-origin tech company is all set to roll out HarmonyOS later in 2021 as...

Battle Lines Are Drawn: Qualcomm’s Latest Acquisition to Challenge Apple, Intel

The quest to gain supremacy creates a butterfly effect for sure. With the challengers and the champion pulling out all stops to...

After Ola and Uber, Now Swiggy And Flipkart Under Probe For Tax Evasion: What’s Brewing?

A few days ago, reports emerged about Ola and Uber coming under the scanner of Directorate General of Goods and Services Tax...

India’s Biggest IT Firms Reported Sharp Jump in Employee Hiring In FY Q3 2021

India's IT sector has been on a steady rise after the turbulence the first half of 2020 caused. On Wednesday, major IT...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This