Google Cracks Down On Rogue Browser Extensions

Dennis Faas's picture

Google says it plans to change the way users install add-on tools (known as "extensions") for its Chrome web browser. It's expected the changes will make the browser more secure.

A Chrome extension is the same thing as an "add on" in Internet Explorer. It's a tool made by an independent developer that adds new functionality to the browser.

For example, Amazon has released a Chrome extension that adds a button to the top of the browser screen. When you are reading a lengthy web page, such as a newspaper article, you can click the button to have a copy of the page sent to your Kindle device in an easy-to-read format.

Until recently Google let users install extensions in two ways. You could browse through the official Chrome Extensions store and click a single button to add the extension.

Alternatively, you could download and install an extension directly from a developer's website.

Some Extensions Installed Without User Knowledge

The problem was that some developers were taking advantage of the second method to install malicious or unwanted extensions without the user's knowledge.

In some cases this meant tricking the user into clicking to agree to install the extension when they thought they were installing a separate program. In other cases, the extension was installed "silently", meaning the user was never even asked about it.

Some of these unwanted extensions caused serious problems, including changing a home page, routing their searches to a service other than Google, and rigging the results to point to malware sites. In some cases the extensions even blocked users from visiting legitimate Google sites.

Google Move Reminiscent of Apple Approach

Google has experimented with ways to limit how rogue extensions get installed without the user realizing, but has now given up on the effort.

Instead, now users will only be able to install extensions from the official Google store, where they can be vetted and, if necessary, removed by Google. (Source: chromium.org)

The move should improve security, but isn't without its critics. Some developers say it's too similar to the way iPads can only get apps from the official iTunes store, leaving Apple with the ability to block apps it doesn't like.

Other critics note the move could be designed to generate revenue for Google, which forces developers to pay a $5 listing fee to post their extensions. (Source: techweekeurope.co.uk)

Rate this article: 
No votes yet