Google Inc. has announced upcoming changes that will be made to the rules for developing applications for its Chrome browser that require extended powers, which should help protect users from malicious software, including hidden miners and tools used to steal cryptocurrencies .
“It is crucial that the user can be confident that the extensions that he installs are safe, effective and ensure the safety of privacy. The user should always have an understanding of the scale of the possibilities of expansion and access to data, ”the company writes .
Starting with Chrome 70, which is currently available in beta, users will be able to restrict access to extensions to an arbitrary set of sites and require them to request permissions every time they access pages. "Permissions with broad capabilities" will be subject to additional checks, explains Google.
“While the host permissions allowed for the creation of thousands of powerful and constructive extensions, they led to a large number of misuse cases, both malicious and unintentional. We intend to increase transparency for the user and control when the extension can access these sites , ”adds the company.
On Monday, Google no longer allows extensions with hidden features or confusing code to be placed in the Chrome store, as this complicates the process of checking them and is usually used to embed some side functionality.
Starting from 2019, all developers' accounts will have to use two-factor authentication in order to reduce the risk of hacking and replacing full-fledged malicious extensions.
In early September, in this way, attackers were able to upload a malicious copy of the popular MEGA file-sharing software to the Chrome extension store, which, among other things, could steal data from MyEtherWallet and MyMonero.