Google announced the Chrome extensions system nearly a decade ago. Since then, Chrome extensions have become immensely popular among Chrome desktop users and now there are over 180,000 extensions in Chrome web store. Due to its popularity, over the past few years, extensions have become a target for hackers leading to many malicious extensions. Google today announced some upcoming changes to improve the security experience around extensions.
- User controls for host permissions: Beginning in Chrome 70, users will have the choice to restrict extension host access to a custom list of sites, or to configure extensions to require a click to gain access to the current page.
- Changes to the extensions review process: Going forward, extensions that request powerful permissions will be subject to additional compliance review. We’re also looking very closely at extensions that use remotely hosted code, with ongoing monitoring.
- New code readability requirements: Starting today, Chrome Web Store will no longer allow extensions with obfuscated code. This includes code within the extension package as well as any external code or resource fetched from the web. This policy applies immediately to all new extension submissions.
- Required 2-Step Verification: In 2019, enrollment in 2-Step Verification will be required for Chrome Web Store developer accounts.
- Looking ahead: Manifest v3: In 2019 we will introduce the next extensions manifest version. Manifest v3 will entail additional platform changes that aim to create stronger security, privacy, and performance guarantees.
Read about these changes in detail from the source link below.