Categories: ICO

Google Moves to Protect Chrome Users From CryptoJacking and Hacks

Click here to view original web page at www.coindesk.com

Google is bringing in stricter rules for Chrome extension developers, a move should reduce the risk of crypto hacks and mining malware.

Announced Monday, the web and technology giant is planning a series of changes to the way Chrome handles extensions that request extensive permissions, and is also tightening the rules for developers distributing extensions via the Chrome Web Store.

Google said in a blog post:

"It's crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions' capabilities and data access."

From Chrome 70 (currently in beta), users will have the ability to restrict an extension's access to a custom list of sites, or to set extensions to require permission each time they need to gain access to a page, the company explains.

Google adds that extensions that request "powerful permissions" will be subjected to "additional compliance review."

"We're also looking very closely at extensions that use remotely hosted code, with ongoing monitoring," the post states.

The firm explains the move, saying "While host permissions have enabled thousands of powerful and creative extension use cases, they have also led to a broad range of misuse – both malicious and unintentional ... Our aim is to improve user transparency and control over when extensions are able to access site data."

Google also said that, from Monday, Chrome Web Store will no longer allow extensions with hidden, or obfuscated, code. Existing extensions with obfuscated code have 90 days to comply with the new rule, it adds.

According to the post, more than 70 percent of "malicious and policy violating extensions" that Google blocks from the Web Store contain obfuscated code. Further, as obfuscation is "mainly used to conceal code functionality," it greatly adds to the complexity of the Google's extension review process.

"This is no longer acceptable given the aforementioned review process changes," Google stated.

And in a final security measure, in 2019, all extension developer accounts must be protected by 2-step verification to lower the risk of hackers taking over an account.

In the past, Chrome extensions have been used by cyber-criminals to provide access to victims machines.

For example, just a month ago, hackers uploaded a malicious version of the Mega extension to the Web Store. People who used the official installer over the next few hours had their accounts compromised, according to ZDNet – including users of the MyEtherWallet and MyMonero crypto wallets, and decentralized exchange IDEX.

Google has also been forced to crack down on extensions that used downloaders' devices to mine cryptocurrencies without their knowledge. In April, the Web Store blocked extensions that mine cryptocurrencies, whether or not mining was a deliberate feature.

Chrome icon image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.

Announced Monday, the web and technology giant is […]

cinerama

Illuminati, Mason, Anonymous I'll never tell. I can tell you this, global power is shifting and those who have the new intelligence are working to acquire this new force. You matter naught except to yourself, therefore prepare for the least expected and make your place in the new world order.

Disqus Comments Loading...
Share
Published by
cinerama

Recent Posts

Bitcoins and Cryptocurrency: Myths and realities

Part 2: The Journey This is a story of secret beginnings. A story of a brilliant idea, born of trying… Read More

5 hours ago

Twitter is Losing its S%# Over This $4 Million Golden Toilet

An solid gold toilet from Churchill's birthplace goes missing. | Source: AP Photo, File Golden toilets don’t come around very… Read More

5 hours ago

eToro Aims to Put Derivatives on the Blockchain With Lira Programming Language

eToro , an Israel-based exchange platform, revealed a new programming language designed to simplify derivatives trading.Speaking ahead of the Ethereal… Read More

5 hours ago

Gartner sees blockchain as ‘transformational’ across industries, in 5-10 years

Credit: Dreamstime Research firm Gartner, whose past evaluations of blockchain have been conservative to say the least , expects the… Read More

11 hours ago

The Future Lies in Blockchain: Circle CEO Jeremy Allaire Backs China’s Cryptocurrency and Facebook’s Libra

The year is 2017. Cryptocurrencies and their underlying blockchain technology are sternly poised to take over the world. Investors, all… Read More

11 hours ago

Ethereum-based Staked Not Efficient, Claims DeFi Builder

Much like banks, there is competition with the Ethereum decentralized finance (DeFi) ecosystem; each protocol and ecosystem offers different benefits… Read More

11 hours ago

This website uses cookies. We use these cookies to collect data about your interaction with our website for the purpose of continuously improving your experience with our site. For more information we encourage you to read our privacy policy.

Read More