![]() ![]() Google's newest Chrome extension security improvement, Chrome Browser Cloud Management (CBCM), was specifically designed to improve extension management. Chrome extension security versus usability Essentially, if two permissions would allow a Chrome extension access to data to function, the developer must use the one with the least amount of access. In 2019, Google announced that developers must use permissions that provided the least amount of access to user data. Google has moved slowly in addressing issues, often letting known malicious extensions remain on the Chrome Web Store until publications write about them, but they have made progress. Depending on the permission the extensions request, extensions can access browser history, passwords and other critical and sensitive info. The biggest worry regarding Chrome extension security involves permissions. For example, in 2018 a botnet called Droidclub resulted in over 400,000 infected computers that artificially raised ad impressions. Bad actors can trick this process fairly easily, and users are the ones to pay the price for malicious extensions. Unfortunately, this hasn't prevented dangerous extensions from reaching users as the review process is automatic. This way, Google could institute a review process of all Chrome extensions, similar to the process that mobile apps go through before being published in a mobile OS' app store. To counteract these Chrome extension security issues, Google discontinued this practice in 2015 and required that all Chrome extensions must be installed through the Chrome Web Store. This created an untenable situation where developers could release malicious extensions masquerading as something benign and useful. When Chrome extensions were first released, users could download them from any website that wanted to offer them. While all major browsers feature extensions, the majority of extension security issues center around Chrome extension security. Unfortunately, Google Chrome browser extensions have too much access to user data, and bad actors know how to take advantage. They allow browsers to offer a more customized experience for users, from adding a digital clock to more intrusive extensions for content blocking. Browser extensions have been around for over 20 years, debuting on Internet Explorer 5.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |