With more and more people “living” on the Web these days, web browsers have become both gateways as well as points of vulnerability. As one of that major gateways, Google’s Chrome browser has an even bigger responsibility to ensure users’ safety. And because of its Chrome extensions system, that goes beyond just the core of the browser. With version 30 and future releases, Google will be putting its foot down to ensure that those extensions don’t end up costing users their privacy and security and costing Google its credibility.
Web extensions provide a lot of power beyond the capabilities that browsers offer. For a time, the new browser wars revolved around such extensions and their exclusive availability on one browser only. These days, however, extensions have also become a liability, leaving doors open for hackers and malware to get through.
Google already started tightening the rules on Chrome extensions a few months ago when it announced that installing extensions outside the Chrome Web Store would no longer be allowed. That’s well and good, except some suspicious and downright malicious extensions still get through the Store. So Google is taking it one step further by making its review process stricter.
For one, Google will no longer allow Chrome extensions that use obfuscated code in the Web Store starting today. That applies both to the extension code itself as well as any code it might use or download from external servers. Obfuscated code is ineffective in hiding proprietary code anyway and yet it increases the chances of malware and makes it harder to review. In 2019, Chrome Web Store developers will also be required to use two-factor authentication to protect their own accounts from getting hacked.
Google has no qualms that these changes are going to inconvenience developers, but that might be a good thing. Serious extension developers will want to protect their users just as much as Google does. Besides, the Web Store might long overdue a trimming anyway.