Google continues to improve the security of its Chrome browser, which is now serving over 310 million active users. Google has now added a browser security setting which they claim will prevent non-Chrome Web Store extensions from installing in the Chrome browser automatically. Google has also announced that it has also begun monitoring submissions to the Web Store. Why was Google not sanitising the extensions?
In the latest version of Chrome (it updates silently in the background, so no need for manual updating) users will have to verify that they want to download the 3rd-party ‘inline’ browser extension by adding them through the Extensions page. Google analyzes each and every extension that is uploaded to the Web Store, so if it finds an extension that is behaving maliciously it will remove it from the Web Store. Google however don’t have the ability to take down malicious items promoted on 3rd party websites. These items might be installation of malicious extensions which are triggered when a user visits a particular website. Hackers can use extensions to silently track the information users enter on the Web (this includes searches).
Having read about this on the Google Chrome support website it reads as if Google hasn’t been monitoring the Web Store. I for one hope they were, but am happy to now hear they realize there is security implications with browser extensions, hence this security update.
Also, it’s worth pointing out if you use the Google Chrome on more than one device (an Android or Apple iOS device for example), you may wish to register and then sign in to Chrome. Chrome’s sign-in feature, means you no longer need to worry about your bookmarks or apps being available only on one computer/device. When you sign to the Chrome browser or a Chrome device, your bookmarks, extensions, apps, theme, and other browser preferences are saved and synced to your Google account. This allows you to load these settings anytime you use Chrome on other computers and devices.
TIP: Don’t sign in to Chrome if you are using a PUBLIC or UNTRUSTED computer or mobile device. A copy (cache) of your data will be stored on that computer or mobile device and may be accessed by other people. You can control this and more here: http://www.google.com/dashboard
For further information about the security improvements to the Google Chrome browser.
Safe surfing folks!