Google announced today several changes to the way the Chrome web browser handles extensions. Starting with Chrome version 70, consumers will be in control of the access that extensions have to their visited websites, and developers will also be subject to more scrutiny when submitting extensions that request sensitive permissions.
Google has been on a steady path to putting an end to bad extensions, and previously improved transparency for consumers. Now, with the latest changes, consumers can restrict host access (website access) by clicking on an extension, and selecting an option from the drop-down menu. This should put an end to extensions that manipulate websites, which has been a concern for many since June of 2018.
Extensions with a remotely hosted code are also getting special attention from Google in Chrome 70. Since this code can always be changed, Google now wants extensions to be narrowly scoped instead. “Our aim is to improve user transparency and control over when extensions are able to access site data. In subsequent milestones, we’ll continue to optimize the user experience toward this goal while improving usability,” proclaims Google.
As for developers, Google is changing up the review process for extensions which require “powerful permissions.” For consumers, this should mean for cleaner extensions, especially since Google is planning to remove extensions in January 2019 which are running “obfuscated code.” That is a process which developers often use to hide their source code, but it also is often used in 70% of malicious extensions. “Because obfuscation is mainly used to conceal code functionality, it adds a great deal of complexity to our review process,” noted Google.
This is just the latest round of changes for Chrome, which is always ever evolving. The last round of changes came with the recent version 69 update, though that was more focused on UI changes.
Chrome version 70 is currently in the beta channel, and Google explained it is planning on wider extension API changes in 2019, set to give consumers even more control of their data. Other changes coming in Chrome 70 include mandatory Two-Step Verification for Chrome Web Store developer accounts, the introduction of the Manifest v3 for stronger security, privacy, and performance guarantees.