Google’s set the new limitation on Google Chrome Web Store extensions introduced on Monday, Octuber1, are likely to affect Cryptojackers (unauthorized use of computing resources to mine cryptocurrencies).
In a Blog post, Google had already confirmed that Chrome extensions submitted to the Web Store would not be approved if they contain any “obfuscated.” (something less clear and harder to understand) code.
Apart from the security implication, obfuscated code, which the post describes as”mainly used to secrete code functionality.” adds a great deal of complexity to the process of reexamining extension for approval.
Radware reported on various crypto’s mining malware Chrome Extension that had inserted a short obfuscated malicious code to “bypass Google Extension validation checks.
The Chrome Web Store is no longer allowing extensions that feature obfuscated code(something less clear and harder to understand), with existing apps given 90 days to update. Chrome Extensions will be removed in early January if they are found not with established guidelines or specifications.
Google Announces Changes To Improves Extension Experience
Over the last few years, the primary target of hacker is to target the Google’s Chrome Extension and theft the user cryptocurrencies or personal date, So Google announces some changes in the Chrome Extension to improve the security experience around extensions.
Starting in Chrome70, users will have the choice to prevent the extension host access to a custom list of sites or to configure the extension to require a click to get access to the current page.
Proceeding forward towards extension that request powerful permissions will be subject to an additional agreement review. We are also looking for the expansion which uses remotely hosted code, with continuous monitoring.
Google’s Chrome Web store will no longer allow an obfuscated code.
Obfuscated code means the code which is not clear and harder to understand.this includes external code as well as code within the extension package or resources retrieved from the web.
2-steps Verification method
In 2019, the 2-Step Verification method is necessary for Chrome Web Store developer accounts.
How Extensions Can Be Restricted To User Approved Sites
Right-click on an extension will uncover another menu that gives users determine when the browser add-on “can read and change site database.” Choices include “When you click the extension,” on the present site, and “On all sites.”
In the meantime, Google will subject Chrome extensions that demand “powerful permission” to an additional compliance review. The attention is on expansions that use remotely hosted code, with Google advising that permission should be “narrowly-scoped” and have all code included directly in the extension package.