The Web can be a scary and dangerous place, and web browsers are continually trying to make it safer for users. Unfortunately, attacks can come not just from websites but also from within the browser itself. That may not come from vulnerabilities and bugs in the browser but from the extensions that advertise new functionality, sometimes deceptively. Almost mirroring the situation on Android, Google’s Web Store for Chrome extensions has become notorious for hosting questionable software, and Google is cracking down on some of those extensions with a new set of policies to combat spam.
Spam in the Chrome Web Store comes as extensions from the same developer that either offer the exact same functionality or, conversely, come in a set of small extensions that offer single, trivial functions. In addition to potentially confusing users, it also opens the door to users installing one extension after another but forgetting to uninstall all of them after removing just one. In many cases, such strategies are designed so that the remaining extensions can keep on doing the dirty work of collecting user data.
Google’s new policies are designed to curb such deceptive practices. The Chrome Web Store will no longer allow multiple extensions that are part of the same installation flow, like extensions that require or prompt users to install another extension. Small extensions that have a single purpose should also be aggregated into a single, bigger extension.
Google is also enforcing a new developer security measure on the Chrome Web Store that it recently did for Android developers. They are now required to have two-factor authentication enabled in the hopes that it reduces the instances of developers themselves getting hacked and then using their credentials to upload potentially harmful apps or extensions.
Web browser extensions have admittedly grown a bit out of fashion lately, with some features being integrated into browsers. There are still some uses for extensions, especially for features that Google and others will never officially allow. Unfortunately, those are also the cases that less conscientious developers are willing to exploit, but these new policies will hopefully cut down their numbers and improve the image of the Chrome Web Store.