Alexandra Burlacu email: a.burlacu@mobilenapps.com
When Google Chrome reaches version 25, browser extensions installed offline by other applications will no longer be enabled without user permission.
Developers currently have several options to install extensions offline, i.e. without using the browser interface, in Google Chrome for Windows. One of these options entails adding special entries in the Windows registry, telling Chrome that a new extension has been installed and should be enabled.
"This feature was originally intended to allow users to opt-in to adding a useful extension to Chrome as part of the installation of another application," Google's product manager of Chrome Extensions Peter Ludwig said in a blog post on Friday, Dec. 28. "Unfortunately, this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgement from users."
Chrome 25 aims to prevent this type of abuse by prompting users to give their permission through a dialog box in the browser interface. In other words, the browser will automatically disable all previously installed "external extensions" and will present users with a one-time dialog box to select which extensions they want to re-enable. All extensions installed through offline methods will be disabled by default, and users will be asked whether they want to enable them when they restart the browser.
Mozilla made a similar move over a year ago, when it implemented such a mechanism in Firefox to ensure extensions installed offline by other programs are not enabled without user confirmation.
Security is a big concern nowadays, especially as many attacks have used malicious browser extensions in the past, including Google Chrome extensions. Back in May, for instance, Wikimedia Foundation issued an alert regarding a Chrome extension that was filling Wikipedia pages with rogue ads. In July, Google decided to stop allowing Chrome extensions to be installed from third-party Web sites, limiting online installations only to extensions found in the official Chrome Web store. At the time, the company also said it would start analyzing all extensions listed in the Chrome Web Store for malicious behavior and remove any offending instance.
While this made it harder for criminals to distribute malicious extensions, it could prevent malware from installing rogue Chrome extensions on already compromised systems using offline methods. The new changes to the upcoming Chrome 25 version aim to address this issue.
more stories from Internet / Social Media
Google's two-minute blackout has caused a whopping 40 percent drop in global Internet traffic.
ernest hamiltonRumors turned out to be legitimate, as Xbox Music web player is now live.
ernest hamiltonA bug in Facebook's latest beta app for Android collected and stored the phone numbers of anyone who launched the app, regardless of whether they logged in or had an account.
ernest hamiltonMozilla Firefox 22 is bringing advance 3D gaming to the web with Unreal Engine 3.
ernest hamiltonA security bug in Facebook's 'Download Your Information' (DYI) tool exposed email addresses and telephone numbers of roughly 6 million users.
ernest hamiltonTwo of the new features now available on Socl comes in the form of a meme generator and GIF creator. This is a good idea since memes and GIFs are one of the leading activities on the Internet right now.
ernest hamiltonThe Facebook invitation doesn't say anything about the product or the service that is going to be launched on June 20.
ernest hamiltonIn the new version of OS X, dubbed OS X 10.9 Mavericks, if you use the new Safari web browser to open a website that is power hungry, you will not have to close it in order to save your battery life.
ernest hamilton