Application security, Cloud Security, DevSecOps

‘Gatekeeper’ Google aims for safer extension installs, fewer phishing attacks

A sign is displayed at the Google outdoor booth during exhibitor setups for CES 2020 at the Las Vegas Convention Center in Las Vegas, Nevada. Google announced that Chrome will default to HTTPS starting in April. (Photo by Mario Tama/Getty Images)
A sign is displayed at the Google outdoor booth during exhibitor setups for CES 2020 at the Las Vegas Convention Center in Las Vegas, Nevada. (Photo by Mario Tama/Getty Images)

Google on Thursday announced additional new features to help Enhanced Safe Browsing users make better choices when they install extensions from the Chrome Web Store. The tech giant also will offer added protections against downloading malicious files on the web.

In a blog post, Google said a dialog box will inform users if an extension they are about to install is not part of the list of extension trusted by Enhanced Safe Browsing.

An extension built by a developer who follows the Chrome Web Store Developer Program Policies will be considered trusted by Enhanced Safe Browsing. For new developers, it will take at least a few months of respecting these conditions to become trusted. Eventually, Google said it strives for all developers with compliant extensions to reach trusted status. Today, nearly 75% of all extensions in the Chrome Web Store are trusted and that number is expected to grow.

Google has clearly been a leader in promoting web user safety and security and should be commended for prioritizing this further, said Tim Wade, technical director, CTO Team at Vectra. However, Wade pointed out that being in the gatekeeper position of determining what’s trustworthy gives tremendous influence to an organization that owns more than three-quarters of browser market. 

“So long as the rules of gatekeeping are simple and transparent, and user safety and security remains central to the mission, we can sleep well at night knowing less people will be at risk when pursuing the essential web services they depend on,” Wade said.

Austin Merritt, cyber threat intelligence analyst at Digital Shadows, said when Chrome users have Safe Browsing enabled, Chrome shares additional browsing data with Google to allow for more accurate threat assessments. Enhanced Safe Browsing warns users about potentially dangerous files by sourcing metadata that detects malicious indicators and URLs. It can also alert users if a data breach has exposed their password.

“Although the new safeguards will likely raise more privacy concerns when it comes to sharing data with Google, Safe Browsing is an optional tool that so far has proven to be effective in reducing the likelihood of successful phishing attacks,” Merritt said.

Related

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.