Google is trying to make it’s browser “Chrome” more secure by introducing several measures to thwart malicious extensions, today Google added new measures to identify extensions that misuse Chrome’s central management settings or extensions that manipulate Chrome preferences.
According to Google, within a week, Chrome Users can see “Safe Browsing” malicious download warnings when attempting to download malware identified by new added measures.
I think Google’s intent of tightening security of Chrome is successful, earlier the company introduced new security measures in Chrome version 25, from this version the browser started to disable silent installation of external extensions on windows by default. According to Google, these measures not only protected users from unauthorized installations,but also increased the performance of Chrome and improved user experience.
Also recently Google announced that chrome is going to adopt a new rendering engine “Blink“, which intends to bring further security, compatibility with different multi-process architecture and further performance improvements. Blink will appear in Chrome 28 and also be adopted by other browsers based on Chromium — including the new version of Opera and RockMelt.
Coming back to details of new security measures, the Company describes that the new security measures will further increase the security level of the browser, the new measures targets extensions that exploit chrome’s standard mechanisms for deploying extensions and flag them as malware.
Further chrome Security team describes this malware in two types:
1.One variant of malware installs extensions, that are enabled by default and cannot be uninstalled or disabled by user.This type of malware misuses Chrome’s central management settings that are intended be used to configure instances of Chrome internally within an organization.
2.The other variant directly manipulates Chrome preferences in order to silently install and enable bundled extensions.
So with the new measures, chrome can detect and defend above described malware,however the security team didn’t revealed what type of measures are added to block these malware.
Also Google suggests extension developers must follow Chrome’s standard mechanisms for extension installation, which include the Chrome Web Store, inline installation, and the other deployment options described in the extensions development documentation.