Google Making Extensions More Secure In Chrome

Google building

One of the most common complaints about Google’s popular web browser, Chrome, is its inordinate number of security vulnerabilities. As Gregg Keizer reports for Computer World, Google is doing its part to close up one of the most noticeable flaws in its security by no longer allowing the installation of extensions that aren’t in the Chrome Web Store.

Currently, users can browse the Chrome Web Store for extensions, which other browsers call add-ons, much the same way you would browse for apps on your smartphone. These extensions grant the browser additional capabilities. Extensions have also been found outside of the Web Store. Some third party vendors offer Chrome extensions directly on their site’s, or included in downloads of their applications. Some companies have even engineered their own extensions specifically for their employees. Under Google’s new rules, these third party extensions would no longer be accepted by Chrome browsers.

The reason for this move is that it keeps users from accidentally downloading malicious extensions. By limiting users to only installing extensions from the official Web Store, Google is able to police all extensions available and remove those that contain malware or act maliciously.

Android hasn’t yet made the same move to limit users to only apps found in the Play store, but they do recommend that users stick to those apps. Otherwise, users risk infecting their devices with apps that haven’t been officially approved by Google.

This move for Chrome has been in the works for some time. When Chrome 21 launched in 2012, it no longer accepted extensions installed directly from a third party website. Earlier this year, Chrome again tightened extension security by adding a feature that blocked silent installations of extensions and disabled those already installed. This closed a vulnerability that allowed hackers to install extensions without a users knowledge. Usually, this was done in response to another user action to download from an untrusted source.

In order to completely close any remaining loopholes, Chrome has now gone to a strict policy of only allowing extensions directly from the Web Store. That doesn’t mean, however, that independent developers, and those developing extensions for company use, can’t continue to use their own extensions. The Web Store offers an option to hide extensions from the public and only make them available to those they’re intended for. Extensions will also still be available to download directly from third party sites, as long as the same extension has also been added and approved in the Web Store.

These changes aim to make Chrome a more secure browser. To upgrade your security at home or at the office, contact Geek Rescue at 918-369-4335.

November 8th, 2013