Google has announced a number of security changes in the Chrome extensions system: a more thorough extensions review process, better user controls, and a new manifest that should provide stronger security, privacy, and performance guarantees.
The Chrome Web Store will also no longer allow extensions with obfuscated code and, starting next year, Google will require all developer accounts to be additionally secured with 2-step verification.
A number of popular Chrome extensions were hijacked through phishing last year. More recently, an email campaign impersonating a Google employee and asking developers to provide a valid postal address has been mounted with the same goal: lead them to a fake login page.
Leave a reply