About 70% of extensions for Chrome, blocked by Google, contain obfuscated code.
Google has updated the Chrome Web Store policy, adding five new rules designed to prevent malicious applications from being hosted on the Internet, and to protect users.
In particular, from now on, Chrome Web Store will not accept applications with obfuscated (tangled) code. According to the company, about 70% of extensions for Chrome, blocked by Google, contain obfuscated code. Code obfuscation affects performance and has no advantage, according to Google. In this regard, the company decided to completely ban such applications. The technogiant has provided developers with a deadline of January 1, 2019 to bring extensions in line with new requirements and remove obfuscated code.
The company also intends to add to Chrome Web Store an additional procedure for checking new extensions that require a wide range of permissions in the browser, as well as applications whose code is stored on remote systems. That is, according to the new requirement, the extension should request only the necessary permissions to work, and its code should be included directly in the package.
The third change relates to a new feature in Chrome 70, scheduled for release this month. With the release of Chrome 70, users will be able to limit the extensions to certain sites, which will prevent the execution of malicious extensions on confidential pages (Internet banking, cryptocurrency wallets, mailboxes, etc.). In addition, extensions can only be executed if the user selects the appropriate option in the Chrome menu.
Starting in 2019, developers will need to use Google’s two-factor authentication mechanisms. This measure is aimed at preventing cases of interception of developer accounts and the introduction of malicious code in official applications.
Finally, the fifth requirement concerns the new version of the manifest guide for .json files, which contains instructions on how to interact with extensions with Chrome. The new version of the manual will be presented only in 2019, but Google believes that developers should be prepared in advance. Most of the changes in Manifest v3 are related to new features in Chrome 70, in particular, the mechanisms that allow users to control the permissions of extensions.