Google yesterday proclaimed that in order to increase the security of its browser it has incorporated new measures which will safeguard Chrome users from getting targeted by malicious extensions. This time, the search engine giant is concentrating on extensions that are mistreating enterprise options or controlling Chrome preferences illegally.
We are saying “this time” because similar measures have already been taken by the company in the past as well. In December, Google announced that by default installation of extensions options from external sources would be disabled on Windows and all extensions formerly installed using external sources would be spontaneously deactivated and Google fulfilled its promise by launching the new version of Chrome two months back.
After solving the above problem, the company is now moving onto the next one. Google clarifies by saying that it has found a malware that attempts to catch around silent installation blockers in one of two ways:
Abuses Chrome’s central management settings planned for configuring cases of Chrome centrally within the company.
Directly deploys Chrome preferences in order to mutely install and permit bundled extensions.
In the first consequence, by default the installed extensions are permitted and cannot be deactivated by the user from inside the Chrome browser. In both cases, the user has accidentally installed malware on his/her system.
Google would not disclose what new steps have been taken exactly to protect from the two above consequences but the company did say it will definitely recognize the software that obstructs Chrome’s standard tools for installing extensions. If anyone will attempt to download such dangers next week, a warning message will get displayed on the screen which will look like this:
If you build extensions and applications for Chrome browser, you must follow the Chrome’s standard mechanisms for add-ons/extensions installation, whether through the Chrome web store or any external source. The complete documentation can be seen here.