Slashdot Mirror
Google Is Too Slow At Clearing Junkware From the Chrome Extension Store
Mark Wilson writes Malware is something computer users — and even mobile and tablet owners — are now more aware of than ever. That said, many people do not give a second thought to installing a browser extension to add new features to their most frequently used application. Despite the increased awareness, malware is not something a lot of web users think of in relation to extensions; but they should.
Since the beginning of 2015 — just over three months — Google has already received over 100,000 complaints from Chrome users about 'ad injectors' hidden in extensions. Security researchers have also discovered that a popular extension — Webpage Screenshot — includes code that could be used to send browsing history back to a remote server. Google is taking steps to clean up the extension store to try to prevent things like this happening, but security still needs to be tightened up.
Since the beginning of 2015 — just over three months — Google has already received over 100,000 complaints from Chrome users about 'ad injectors' hidden in extensions. Security researchers have also discovered that a popular extension — Webpage Screenshot — includes code that could be used to send browsing history back to a remote server. Google is taking steps to clean up the extension store to try to prevent things like this happening, but security still needs to be tightened up.
Why do we need Google to be our App Nanny?
Because they run the repository. It's not Google saying, "only these extensions may install", it's them having a centralized location for the ones they've approved.
The faster they remove bad stuff, the more false positives they get in their removal process
As long as the appeals process is clear and genuine false positives are handled in a timely manner, this isn't necessarily a bad thing.
and independent developers will lose out in the process.
Github, Sourceforge, and "a Godaddy domain with the free-tier hosting" will happily enable independent developers to avail their Chrome extensions for download. If that's not okay, Firefox still has a viable market share, even IE supports add-ons. Depending on 1.) Google, 2.) Chrome, and 3.) the first party Chrome repo to distribute one's browser extension seems foolish, especially when it's still perfectly viable to take any combination of those away from the equation and still get a browser extension into the hands of end users. When Chrome sections off the greater internet...then we can talk.
Also, if I sound crabby and one sided about this, it's because half the users who have browser extensions have the malware-based ones that I need to remove because it keeps hijacking their search providers and home pages, injecting ads, and generally making a mess. I see this across every browser that supports extensions. While users should indeed be more vigilant about what they allow on their computer, I'll be okay with any measure to mitigate this problem that doesn't involve removing a manual override.
It's not Google saying, "only these extensions may install"
Did you miss the Slashdot article titled Google Starts Blocking Extensions Not In the Chrome Web Store from May of last year?