[ad_1]
Google is questioning about the potential of a third-party extension for Chrome to become malicious and to hack your PC.
The next version of Chrome adds new controls on web pages that third-party extensions can read and write to. "Users can choose whether to allow your extension to be click-enabled, on a specific set of sites, or on all requested sites," Google said in a note to developers.
The company is currently making the necessary changes so that certain Chrome browser extensions can automatically collect sensitive data that appears on your browser. For example, spell checking or translation products need this permission to work. But unfortunately, the same ability can also be used to steal your data.
That's what happened last month when a Chrome extension of Mega.nz, a cloud storage provider, was briefly hacked to steal passwords from the accounts of Microsoft. 39; users. The Trojanized extensions worked by lifting the data each time a selected login page appeared. In another incident, a hacker tampered with a Chrome browser extension to extract cryptocurrency from victims' computers.
"Although hosts' permissions have allowed thousands of powerful and creative extensions to use, they have also led to a wide range of misuses – both malicious and unintentional," Google said in a statement. a blog published on Monday.
However, it seems that it will be up to users to activate the controls. In Google's note to developers, the company said the upcoming change will not immediately affect current permissions granted by users to browser extensions.
You will be able to access the new controls by accessing the "chrome: // extensions" page or by simply right-clicking on the extension as it appears in the upper right corner of the browser.
In the same blog post, Google has announced an "additional compliance check" for all extensions requiring powerful permissions. Chrome Web Store extensions can no longer execute deliberately scrambled or "hidden" computer code to prevent reverse engineering. Google said that one had to take a look to ensure that no computer code is secretly malicious.
"Today, over 70% of malicious extensions and policy violations that we block in Chrome Web Store contain obscured code," Google said.
To prevent hackers from taking control of legitimate extensions, the company is also forcing all third-party software vendors to use two-factor authentication with their Chrome Web Store developer accounts.
Chrome 70 will be available in the week of October 23rd.
Source link