Google wants to protect its Chrome browser users from crypto hacks and mining malware. To that end it has implemented stricter rules for developers of Chrome extensions, those software programs that customize a user’s browsing experience.
According to a post on its blog, starting with its Chrome 70 operating system, currently in beta testing, users will be able to restrict an extension’s access to a custom list of sites, or set extensions to require permission each time they need to gain access to a page. Extensions that request “powerful permissions” will be subjected to “additional compliance review.”
There have been plenty of problems. As recently as last month, users were warned the browser extension for upload and sharing service Mega had been found to be compromised by hackers seeking login credentials and cryptocurrency keys.
“While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse, both malicious and unintentional,” Google said, not giving any examples. “Our aim is to improve user transparency and control over when extensions are able to access site data.”