Google announced a new policy for Chrome browser extensions to eliminate the use of deceptive installation tactics.
The additional changes are part of the Project Strobe presented by Google in October 2018 in the aftermath of the data breach that exposed data of over 500,000 users of its Google+.
Google aims at ensuring that all Chrome extensions are trustworthy by default.
Google says that users’ trust in extensions is greatly influenced by the path to downloading an extension. A single bad experience could affect users’ interest in these applications.
“Setting the right expectations for what an extension does, from the start, helps create a healthy and thriving ecosystem of extensions, developers, and passionate users.” states Google.
“Last year, to improve user transparency we deprecated inline installation and began requiring all extension installs to go through the Chrome Web Store. This change has helped reduce user complaints about unwanted extensions by 18 percent.”
Unfortunately, Google still receives user feedback about deceptive extension install flows. The company is prohibiting extensions that benefit from deceptive install tactics with the following policy:
“Extensions must be marketed responsibly. Extensions that use or benefit from deceptive installation tactics will be removed from the Chrome Web Store.
Deceptive installation tactics include:
Developers are asked to audit their install traffic to ensure it is compliant before July 1st, 2019.
Google also introduced two additional restrictions on Chrome browser extensions, the most important one requires the use of the “minimum set of permissions necessary” when asking for access to data. Below the two restrictions:The tech giant added the following Chrome Web Store policies.
Thank you
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Chrome Browser Extensions, Google)
[adrotate banner=”5″]
[adrotate banner=”13″]
The LockBit ransomware group has added the City of Wichita to its Tor leak site…
TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’…
Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to…
A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts.…
The UK Ministry of Defense disclosed a data breach at a third-party payroll system that…
The FBI, UK National Crime Agency, and Europol revealed the identity of the admin of…
This website uses cookies.