Chrome 91 will warn users when installing untrusted extensions
Google is expanding its Enhanced Safe Browsing feature in Chrome 91 to protect users when they’re installing a new extension from the Chrome Web Store.
Chrome will start displaying a new dialogue warning users to proceed with caution if an extension is not trusted by Enhanced Safe Browsing.
Google rolled out Enhanced Safe Browsing last year as an opt-in protection against phishing and malware sites, to catch instances where it missed detecting these sites before users visited them. The feature used Chrome to share more security data with the service to check dodgy URLs in real time to determine whether a site is a phishing site.
SEE: Managing and troubleshooting Android devices checklist (TechRepublic Premium)
Now Google is using Enhanced Safe Browsing to improve its management of developers who publish extensions to the Chrome Web Store. This could create obstacles for extension developers who are new to the Chrome Web Store, as it will take a few months of abiding by Google’s policies to be considered trusted.
“Any extensions built by a developer who follows the Chrome Web Store Developer Program Policies, will be considered trusted by Enhanced Safe Browsing. For new developers, it will take at least a few months of respecting these conditions to become trusted,” Badr Salmi from Google Safe Browsing and Varun Khaneja from Chrome Security explain in a blogpost.
“Eventually, we strive for all developers with compliant extensions to reach this status upon meeting these criteria. Today, this represents nearly 75% of all extensions in the Chrome Web Store and we expect this number to keep growing as new developers become trusted.”
The new framework for trusted developers follows Google’s year-long effort to clean up the Chrome Web Store from scammy and phishing extensions. Even after a crackdown last August, millions of users installed 28 malicious extensions.
Chrome users can opt into Enhanced Safe Browsing by going to Settings and clicking through Privacy and Security settings > Security > and then checking ‘Enhanced protection’ mode under Safe Browsing.
Users should note that this does allow the service to share data that’s temporarily linked to a Google account if the user is signed into Chrome.
But Google claims that Chrome users who do enable Enhanced Safe Browsing are successfully phished 35% less than other users, so there may be a good security reason to enable it.
Google is also bolstering download protection in Enhanced Safe Browsing to improve protections when downloading potentially risky files from the web.
Users will get a warning when it detects a suspicious file and suggests the user sends it to be scanned for further analysis. A first check is run through the standard Google Safe Browsing services.
If you choose to send the file, Chrome will upload it to Google Safe Browsing, which will scan it using its static and dynamic analysis classifiers in real time.
After a short wait, if Safe Browsing determines the file is unsafe, Chrome will display a warning. As always, you can bypass the warning and open the file without scanning. Uploaded files are deleted from Safe Browsing a short time after scanning.