Google Chrome Update Increases User Control Over Extensions

By Alexandra Burlacu email: a.burlacu@mobilenapps.com | Dec 31, 2012 06:42 PM EST

Share This Story

  • Print
  • Email

When Google Chrome reaches version 25, browser extensions installed offline by other applications will no longer be enabled without user permission.

Developers currently have several options to install extensions offline, i.e. without using the browser interface, in Google Chrome for Windows. One of these options entails adding special entries in the Windows registry, telling Chrome that a new extension has been installed and should be enabled.

Follow us

"This feature was originally intended to allow users to opt-in to adding a useful extension to Chrome as part of the installation of another application," Google's product manager of Chrome Extensions Peter Ludwig said in a blog post on Friday, Dec. 28. "Unfortunately, this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgement from users."

Chrome 25 aims to prevent this type of abuse by prompting users to give their permission through a dialog box in the browser interface. In other words, the browser will automatically disable all previously installed "external extensions" and will present users with a one-time dialog box to select which extensions they want to re-enable. All extensions installed through offline methods will be disabled by default, and users will be asked whether they want to enable them when they restart the browser.

Mozilla made a similar move over a year ago, when it implemented such a mechanism in Firefox to ensure extensions installed offline by other programs are not enabled without user confirmation.

Security is a big concern nowadays, especially as many attacks have used malicious browser extensions in the past, including Google Chrome extensions. Back in May, for instance, Wikimedia Foundation issued an alert regarding a Chrome extension that was filling Wikipedia pages with rogue ads. In July, Google decided to stop allowing Chrome extensions to be installed from third-party Web sites, limiting online installations only to extensions found in the official Chrome Web store. At the time, the company also said it would start analyzing all extensions listed in the Chrome Web Store for malicious behavior and remove any offending instance.

While this made it harder for criminals to distribute malicious extensions, it could prevent malware from installing rogue Chrome extensions on already compromised systems using offline methods. The new changes to the upcoming Chrome 25 version aim to address this issue.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

Smartphones
Leaked image of the Amazon 3D smartphone in protective shell Amazon’s upcoming 3D smartphone leaks in first images, with more spec details
Google: All Glass spots claimed in Explorer Program after April 15 one-day sale following KitKat update
Samsung Galaxy S5 vs. HTC One M8, LG Google Nexus 5 & iPhone 5S in drop, slide, and dunk tests (VIDEO)
Microsoft Windows Phone 8.1 Developer Preview released – Get it now
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Adobe Lightroom MobileAdobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Twitter adds photo tagging, multiple photo sharing to iPhone and Android apps
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps