Chrome will soon warn users when they are about to download software that could try to change how the browser handles extensions. Specifically, this extension to the company’s Safe Browsing system looks for binaries that could allow potentially malicious extensions to be installed in the browser without the user’s knowledge. This new feature will roll out within the next few days.
Last December, Google already disabled silent extension installations by default. According to today’s announcement, enabling this protection mechanism “resulted in noticeable performance improvements in Chrome and improved user experience.”
The new feature builds on this and also tries to prevent malicious extensions from ever making it into your browser.
Google says it will identify binaries that “violate Chrome’s standard mechanisms for deploying extensions, flagging such binaries as malware.” Most of these malicious extensions try to get around the silent installation blockers, the company says. Once they get past this, an extension can’t be uninstalled or disabled by the user. Some binaries, Google says, also try to manipulate Chrome’s preferences to allow the browser to accept silent installs again and often come bundles with a malicious extension which they then immediately try to install, too, of course.
Google says its “recent measures” will detect and block these kinds of malicious extensions, but it doesn’t go into detail about how exactly it plans to do so.