After years of issues with rogue Chrome extensions, hijacks, and malware, Google announced a slew of new policies Thursday to ensure the little browser applets are secure. The improvements come as part of a wider company push to evaluate how much user data third-party applications can access. Google launched the audit, known as Project Strobe, in October alongside an announcement that Google+ had suffered data exposures and would be shuttered.
Later this year, Google will begin requiring that extensions only request access to the minimum amount of user data necessary to function. The company is also expanding its requirements around privacy policies: Previously, only extensions that dealt with personal and sensitive user data had to post the policies, but now extensions that handle personal communications and other user-generated content will need to articulate policies, as well. Google says it is announcing these changes now so developers have time to adapt before the new rules take effect this fall.
Lily Hay Newman covers information security, digital privacy, and hacking for WIRED.
"To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road," Google Fellow and vice president of engineering Ben Smith wrote on Thursday. "There are more than 180,000 extensions in the Chrome Web Store, and nearly half of all Chrome desktop users actively use extensions.… Last October, we shared our intention to ..
Support the originator by clicking the read the rest link below.
