Google Makes Official Announcement To Stop Cryptojacking And Hacks On Chrome Extensions
Google, the world’s most popular internet search engine provider has announced that it is enforcing newer and stricter rules to how Chrome extension developers operate. This will effectively cause a reduction in the rate of crypto hacks suffered.
Google confirmed, via a blog post that it is crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions' capabilities and data access.
Chrome will now, no longer give permission to extensions with hidden or vague codes, as Google went further to explain that while host permissions have enabled thousands of powerful and creative extensions use cases, they have also led to a broad range of misuse – both malicious and unintentional. Their aim is to improve user transparency and control over when extensions are able to access site data. Extensions with vague codes will have a window of 90 days to comply to this new rule.
The web company also explained that extensions that always request “powerful permissions” from users will be put through “additional compliance review.”
In the blog post, Google confirmed that more than 70 percent of “malicious and policy violating extensions” that Google blocks from the Web Store harbor vague codes. “This is no longer acceptable given the aforementioned review process changes,” Google affirmed.
There is also news concerning a plan, in 2019, to ensure all extension developer accounts are protected by 2-step verification which will considerably lower the risk of hackers taking over a user account.