Navigation

    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Users
    • Groups
    • Rules
    • Help

    Do more on the web, with a fast and secure browser!

    Download Opera browser with:

    • built-in ad blocker
    • battery saver
    • free VPN
    Download Opera

    Google making extensions more secure

    Opera add-ons
    1
    1
    720
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • rudrick
      rudrick last edited by

      Google wants to make Chrome Extensions more secure
      https://www.ghacks.net/2018/10/02/google-wants-to-make-chrome-extensions-more-secure/

      *Extension developers face a number of changes as well. Extensions that use obfuscated code are no longer allowed on the Store. Existing extensions that use code obfuscation have a grace period of 90 days while new extensions can't have any obfuscated code as they will be denied otherwise.

      Google revealed that over 70% of malicious and policy violating extensions make use of code obfuscation, often to avoid detection by the Store's automatic scans to detect malicious or problematic extensions.

      The change does not affect minification efforts to reduce the size of code. Minification techniques that are still allowed include removal of whitespace or code comments, or the shortening of variables and functions.

      Existing extensions that are offered in Store at the time have 90 days to upload extension code that is not obfuscated. Extensions that fail to meet the deadline will be removed from the Chrome Web Store as a consequence.

      Another change that affects extension developers directly is that developers need to enable 2-step verification for developer accounts in 2019.

      Criminals have tried (and succeeded) in gaining access to developer accounts in the past to hijack accounts and push out extension updates that introduce malicious or problematic code

      The third and final change affects the review process. Chrome extensions are reviewed automatically when a developer submits them. While automation is cost-efficient, it does not offer 100% protection against malicious extensions as the past has shown.

      Extensions "that request powerful permissions" will have to pass "additional compliance" reviews and extensions that "use remotely hosted code" will be monitored closely.

      Google plans to release an updated Manifest for extensions in 2019 "to create stronger security, privacy, and performance guarantees". Key goals include giving users additional mechanisms to control extension permissions, APIs that are "more narrowly-scoped", and introduction of new capabilities.*

      Reply Quote 0
        1 Reply Last reply
      • First post
        Last post

      Computer browsers

      • Opera for Windows
      • Opera for Mac
      • Opera for Linux
      • Opera beta version
      • Opera USB

      Mobile browsers

      • Opera for Android
      • Opera Mini
      • Opera Touch
      • Opera for basic phones

      • Add-ons
      • Opera account
      • Wallpapers
      • Opera Ads

      • Help & support
      • Opera blogs
      • Opera forums
      • Dev.Opera

      • Security
      • Privacy
      • Cookies Policy
      • EULA
      • Terms of Service

      • About Opera
      • Press info
      • Jobs
      • Investors
      • Become a partner
      • Contact us

      Follow Opera

      • Opera - Facebook
      • Opera - Twitter
      • Opera - YouTube
      • Opera - LinkedIn
      • Opera - Instagram

      © Opera Software 1995-