How Chrome Could Reduce The Extension Privacy Concerns

Whenever a user installs a Chrome extension, a warning message is shown about the permissions required by that extension, exactly similar to the app installation prompt on the Android. This is very helpful for the users, as it warns them about the possible privacy concerns.

 

chrome-extension-permissions

Whenever I discover a useful extension, but see warning messages like “It can read and change all your data on the websites you visit” or “It can read and change your browsing history”, I have no choice but to skip that extension. I simply can’t take the risk of installing any spyware or adware in the name of browser extension. We all have already seen many examples (1, 2) in past, where a popular extension was involved in unethical and malicious activities.

Google Can Reduce The Fear

Interestingly, Google doesn’t allow extensions on Chrome Web Store in order to enhance the security. No extension can inject JavaScript or CSS on the Chrome Web Store pages. I wish Google extends this restriction for other websites. Users could “whitelist” desired domain names, so that no extension is allowed to inject JS or CSS on the web pages hosted on these domains. Users would be able to block extensions on important websites, like sites of banks and other financial institutions.

If you like this idea, please star this issue on Chrome bug tracker (you need to login first).

arpit

Posted by Arpit

Arpit is a web enthusiast watching browsers for long. He maintains several browser-based tools including many popular extensions. Follow Arpit on Twitter, or email him at editor@browsernative.com.
Post last updated on July 8, 2016.

You may also like ...

1 Response

  1. Rutledge says:

    Please read the comment #3 by “rdcronin” on this page https://bugs.chromium.org/p/chromium/issues/detail?id=625888#c3

    You can enable the Chrome flag chrome://flags/#extension-active-script-permission which is quite interesting idea. Thanks for your post.

Leave a Reply

Your email address will not be published. Required fields are marked *