Google introduces stricter rules for developers of Chrome browser extensions. The move is designed to reduce the risk associated with cryptocurrencies breaking and cryptogamia.
On 1 October, Google announced that it plans to make a series of changes in ways of handling extensions in the Chrome browser, and also to tighten the rules for developers who distribute the plugins via the Chrome Web Store.
In its blog the company said:
It is essential that users can trust the installed extensions that need to be safe and effective. We should provide the users with complete clarity in respect of access to their data and capabilities of these extensions.
The company explains that 70 Chrome users will have the ability to restrict access to a list of sites or set of such extensions, which will ask permission to access certain pages.
Google also notes that expansion with a high level of access will be subject to additional screening. The company emphasizes that carefully studying the plugins using remote code, and explains this step as follows:
Our goal is to increase transparency and strengthening control over extensions that can access data sites.
The company also said that from October 1 the Chrome Web Store banned plugins with hidden or confusing code. Existing extensions have 90 days to fix this problem.
The report said that more than 70% of the plugins, to block Google in the Chrome Web Store as “harmful and violates the policy of [company],” also contain tangled code. Obfuscation is often used to obscure its functionality, which greatly complicates the verification process.
2019 Google will require that all the accounts of developers of extensions have been protected with two-factor authentication to reduce the risk of hacking accounts.
The cyber criminals have already used plug-ins Chrome to access the victims ‘ computers. For example, a month ago, hackers uploaded to the Chrome Web Store a malicious version of the Mega. As a result, among the victims were users of wallets MyEtherWallet, MyMonero and decentralized exchange IDEX.
Note that the company applies strict measures to the extensions that use user devices for mining cryptocurrency without their knowledge. In April the Chrome Web Store are blocked the plug-ins that contain the built-in miners, regardless of whether intentional this option or not. The current tightening of the rules including those designed to more effectively withstand scriptordering.