Chrome security is getting better, as the Google announced via the Chrome blog additional measures that will be deployed in order to prevent users from getting a malicious extension installed.
Google had already prevented silent installs of extensions from happening in Chrome, meaning that extensions would no longer be allowed to install without the user confirming the installation. Google says that the measures it has taken have translated into improvements in terms of performance and user experience.
Now the company goes further, allowing Chrome to identify extensions that try to install by bypassing the silent installation blocker mentioned above. Such a case is the one in which the management settings used to configure Chrome internally in an organization are misused (with the user left unable to disable or uninstall the malicious extension) or when settings are manipulated to allow silent installations.
Chrome’s methods of detecting such malware have been improved and the browser will be displaying a warning when such software is identified. Warnings should start appearing as of next week, and developers are encouraged to use Google’s standard mechanisms for extension installation (and, considering the way Google has removed apps that didn’t adhere to its policies from the Google Play Store, it would be wise of developers to do so).