Chrome extensions, the most widely used web browser by far they are, at the same time, part of the best and the worst of the Google browser. And is that thanks to these add-ons, we can have new functions, improve existing ones, use special characteristics of certain web pages, carry out searches of a specific type based on the content we view, completely modify the behavior of the page with scripts … the list is immense, and a perfect explanation of the reason for the success of these add-ons.
The bitter face of Chrome extensions surely you already know it well, because we have talked about it on many occasions: they are a very popular item among cybercriminals and other groups that, without reaching crime, do carry out activities in which ethics seem to be conspicuous by their absence. And the problem is that, due to its operating system, on many occasions Google’s security controls do not detect malicious extensions, as is the case with Android apps, which means that, periodically, we hear about extensions Dangerous Chrome apps that have been removed from the store.
Obviously, Google is very aware of this problem, and they have been working for years to improve the security of Chrome extensions, a line of work in which a new milestone has been announced today. And, as we can read today on the Google blog, lDevelopers will have to inform users about the data they collect, as well as the use they intend to do with them, which implies acceptance of the limitations set in this regard.
As we read in this post, “As of January 2021, the details page of each extension in the Chrome Web Store will display information provided by the developer about the data collected by the extension, in clear and easy-to-understand language. The data disclosure collection is available to developers today. Information that the developers of Chrome extensions will have to add.
Developers can start adding this information today, and the deadline to do so is January 18, 2021. From then on, the web page of all Chrome extensions that do not have such information will show a warning alerting users of this circumstance. At the moment there is no talk of additional measures, but it makes sense to think that, in a while, Google’s measures will be more restrictive, up to the point of blocking and / or eliminating Chrome extensions that do not comply with this new policy.
As for the points that Chrome extensions must meet, they are summarized in these four points, as they are written on the Google website:
Ensuring that the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension.
We are allowed to sell user data. Google doesn’t sell user data and extension developers can’t either.
The use or transfer of user data for personalized advertising is prohibited.
The use or transfer of user data for credit purposes or any form of credit rating and to data brokers or other information resellers is prohibited.
In addition, developers of Chrome extensions will not only have to declare what data their development will use, but also They will have to certify that they meet these four points.
At the moment, and seen what has been seen, it seems that in the first instance this new policy will depend exclusively on the developers, that they will have to upload the lists and commit to comply with the conditions, that is, it does not seem that changes will be made in the control mechanisms that analyze the Chrome extensions that arrive at the store. It is hoped that they will take some action in this regard later. And in the meantime, here’s how to protect yourself from fraudulent extensions.