Browser extensions are a double-edged sword. They can greatly enhance your browsing sessions with grammar checks, price comparisons, memory optimizations, or by blocking unwanted content and annoyances. But often enough, extensions turn out to be security risks, with a recent example being The Great Suspender, a RAM-saving extension that fell from grace after its original developer sold it.
Google is looking to improve the situation with a new suite of protection measures first launched with Chrome 91 as part of its Enhanced Safe Browsing program. Some more improvements are headed to downloads.
Google says that Enhanced Browsing Protection will offer additional safety measures when you install an extension through the Chrome Web Store. Specifically, a popup will warn you if an add-on you’re installing isn’t part of Google’s new list of trusted extensions.
By default, any extension following the Chrome Web Store Developer Program Policies will be eligible to join the trusted list. For new developers, it might take a few months of respecting the policies until they’re eligible, too, but eventually, Google wants to get everyone complying with the policies on board. The company says that right now, that would include 75% of all extensions offered in the Web Store, and it hopes that the new list of trusted extensions is another incentive to make add-ons compliant with the policies.
Trustworthy extensions won’t get the new “Proceed with caution” warning.
Google also wants to make downloads more secure. Right now, files are checked for malicious contents locally using metadata, the source, and the digest of the contents to determine if it’s dangerous. For Enhanced Safe Browsing users, Google is adding another step. If the browser deems a downloaded file suspicious, you can choose to send it to Google servers to give it another thorough check. After a “short wait,” you’ll get a result. Uploaded files are deleted from the servers shortly afterward.
From what we understand, both the enhanced download and extension protections are only available for those who have enabled Enhanced Safe Browsing, which you can do in your browser’s settings under Privacy and security. Note that you’ll also have to share more data on your browsing behavior with Google to enjoy the benefits, though.
While changes in the name of security are always welcome, we’re wondering what these new “Proceed with caution” warnings will mean for new extension developers. It will be much harder to gain traction for upcoming add-ons as they first need to prove themselves as trustworthy, meaning that it will be harder for new developers to break into the market. And when we look at cases like The Great Suspender where a previously trusted extension went rogue, the question remains whether the new pre-install security measures will really help.