A Google software developer has published a Chrome extension that alerts users when installed extensions change ownership. If any changes are made to the owner information, a red warning badge will be displayed near the extension icon.

The Chrome extension Under New Management checks every hour to see if the developer information of installed extensions in the Chrome Web Store has changed, writes Google developer Matt Frisbie on the tool’s GitHub page. When extensions are sold or compromised, in almost all cases the new owner plans to defraud existing users, Frisbie claims. For example, trackers or malicious code can be added to the extension.

Normally, users are not notified when an extension changes ownership, the developer writes. With this extension, users are alerted by a red badge that appears on the extension icon. By the way, the extension does not keep track of changes made to the source code; Users will only be notified if something changes to the information on the Chrome Web Store. Frisbie lets you know that he is also working on a similar extension for Firefox. To The Register he claims that the Chrome development team is also already working on making this detection a standard part of the browser’s Web Extensions API.

Google stops from next June to support Manifest V2 extensions, because they are said to be less privacy-friendly and secure than extensions based on Manifest V3. With the latter, for example, it is no longer possible to remote code to use, which should make it easier for Google to test the security of an extension. Frisbie told The Register that Manifest V3 is generally successful at this, even when malicious code is added after a change of ownership, but that this is “the only line of defense.” “Also, Manifest does not take into account if a new update is not necessarily malicious, but could export or misuse users’ data, or inject advertisements,” he adds.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *