Google Tightens Rules To Reduce Risk Of Cryptojackingbr>
Internet giant Google is implementing stricter rules for extensions offered in the Chrome Web Store, a move that will likely reduce the incidents of cryptojacking.
In an online post, the Internet giant announced it is planning a series of changes to the way Chrome handles extensions, including user controls for host permissions, changes to the extensions review process, and new code readability requirements. Currently, there are more than 180,000 extensions in the Chrome Web Store, and Google said nearly half of Chrome desktop users actively use extensions to customize Chrome and their experience on the web.
“It’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant,” Google said. “Users should always have full transparency about the scope of their extensions’ capabilities and data access.”
Starting with Chrome 70, which is currently in beta, users will be able to specify which websites can be accessed by the extension. Users will also be able to configure extensions to require a click to gain access to the current page.
“Our aim is to improve user transparency and control over when extensions are able to access site data,” Google said. “In subsequent milestones, we’ll continue to optimize the user experience toward this goal while improving usability.”
Google added that extensions that request powerful permissions will be subject to additional compliance review. The Internet giant will also closely monitor extensions that use remotely hosted code.
“Your extension’s permissions should be as narrowly-scoped as possible, and all your code should be included directly in the extension package, to minimize review time,” Google said.
Furthermore, Chrome Web Store will no longer allow extensions with obfuscated code, which inlcude code within the extension package as well as any external code or resource fetched from the web. This new rule is in effect now to all new extension submissions.
“Existing extensions with obfuscated code can continue to submit updates over the next 90 days, but will be removed from the Chrome Web Store in early January if not compliant,” Google said.
In 2019, Chrome Web Store developer accounts will be protected by 2-step verification to lower the risk of hackers taking over an account. It will also introduce Manifest v3 which will entail additional platform changes that aim to create stronger security, privacy, and performance guarantees.
The new rules came after Google announced that it will be updating its ads policy on financial products and services this month to allow regulated crypto exchanges to advertise in the US and Japan.