Browsers are getting more capable and more complex, becoming little software ecosystems in their own right. And that’s increasingly making them targets. Browser extensions, while incredibly popular for the tools and tweaks they add, are an easy vector to get spyware and other nasty stuff loaded onto your computer with minimal effort. Google’s latest security measure in Chrome aims to make it easier to spot potentially malicious extensions.
According to the Chrome developer blog, Chrome version 117 will introduce a trio of new checks whenever a new extension is installed. It’ll check to see if the extension has been removed from the Chrome Web Store by its developer or if it was removed manually for violating Google’s extension policies or being marked as malware. Users will also be able to manually review the extensions they’ve already installed via an alert in the “Privacy and Security” settings menu.
The change won’t affect the most common pain point for malicious extensions, those that are distributed and downloaded outside of Google’s sanitized Chrome Web Store system. Such tools aren’t always malware, but it’s a frequent source of it, with Chrome extensions either mirroring legitimate ones with added payloads or designed to facilitate some kind of illicit activity. And finding an extension n the Chrome Web Store is no guarantee of its cleanliness, either — extensions have been found loading up adware there, usually when the original developer sells the tool to a new owner.
Even so, the extra measures will be appreciated for anyone who wants an extra layer of browser (or in the case of Chromebooks, operating system) security. The new tools will debut for most users in the next Chrome update, but as Bleeping Computer Notes, you can try them out in version 116 with some tweaks in the chrome://flags interface.