One of the great thing about Google Chrome is the ease at which it can be customized through the use of web extensions. Ad blockers, spell checkers, and password managers are just a few of the now more than 180,000 different web extensions that add functionality to Chrome. But these extensions are not without their problems, while most are designed to benefit the user some developers have begun to exploit the system to gain access to user data.
As a result of the rise in malicious web extensions popping up on the Chrome web store, Google has recently announced several large changes that aim to provide a safer experience for the end user. Additional control over restricting extensions ability to modify pages or completely block them from working on certain sites altogether. Greater scrutiny over web extensions that control a large amount of the browser, as well as extensions that have poorly written code. Beginning in 2019 Google will make it mandatory that developers making extensions use two step authentication to reduce the ease for malicious intervention.
Chrome Extension Product Manager James Wagner said in the post detailing the changes "it’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions’ capabilities and data access."