To continue its war on bad extensions, Google is putting a few new precautions in place as a part of its Enhanced Safe Browsing initiative to ensure that users who visit the Chrome Web Store are only getting extensions that benefit them and respect their privacy. Beginning with Chrome 91, a new prompt will appear before installing an item that will alert the user regarding permissions and data it seeks to use, and whether or not it’s considered trustworthy.
You’ll notice that these prompts look identical to those that appear for app installs in the Google Play Store. I’ve long since said that the company should implement the same approach for the Web Store – notifying users of how a developer will use their information – but until recently, it seems like the store itself has been neglected and forgotten. Hopefully, after all of these extension revamps are finished, we’ll get a complete redesign as well.
Any extensions built by developers who follow the Chrome Web Store Developer Program Policies will be considered trusted by Enhanced Safe Browsing by default, but new developers will be required to wait at least a few months before getting their badge. If they continue to respect a user’s privacy and data during that time period, they will rid themselves of the ‘Proceed with caution’ prompt their users will encounter upon installation.
Enhanced Safe Browsing will also offer new protections against potentially malicious files downloaded via Chrome. In addition to the first level check that already exists, a new option for sending the file to Google Safe Browsing will now appear after the initial scan and if the company deems it unsafe, it will automatically cancel your download, block the file and let you discard it.
This uses both static and dynamic analysis classifiers in real time, presumably checking it again a database of files it’s already marked as unsafe. You can see an example of this in action above. If you know the file is safe, and want to bypass the scan and discard automation, you can simply skip the scan and grab your file.