The Windows version of Google Chrome is one of the most widely used browsers. And Google is now tightening restrictions on browser extensions that install themselves without full notification to users.
This may be frustrating for companies that bundle browser extensions with their standard user download packages. But it will make the Chrome browser more secure and set a positive security example for browser extensions generally. And for the IT community at midsize firms, this is a welcome development.
Browser extensions have become an all too popular vector for malware exploits. This makes better protection of browsers good news for all users–not just individuals using a browser to surf the Internet, but companies that depend on the open Web to reach out to customers.
As Seth Rosenblatt reports at CNET, Google Chrome for Windows will now require most browser extensions to get explicit user acknowledgment and permission before the extension can be installed. Two new features in Chrome 25 will enforce the new rules.
The only extensions exempt from the new requirement are those that come directly from the Chrome store, and are thus under the Google aegis.
According to Peter Ludwig, Chrome product manager, the previous policy of allowing silent installation of third-party extensions had been “widely abused” to install extensions “without proper acknowledgement from users.” Henceforth, third-party extensions will be disabled by default. A notification box will say that an extension has been installed and give the user the option of enabling it.
Another feature in Chrome 25 will make this protective functionality retroactive. Existing third-party extensions will be disabled, with a prompt allowing users to re-enable them.
In Line With Mozilla
The new protective functionality brings Chrome into line with Mozilla Firefox, which already requires notification by third-party add-ons. The move may be unwelcome by some companies and other organizations that have incorporated browser extensions in their uploads. But comments on the CNET piece were strongly supportive of the move.
IT professionals at midsize firms have a strong stake in measures that strengthen browser security. Browsers are users’ doors to the open Web, an environment that allows midsize firms to compete on an even playing field.
The mobility era is already posing a challenge to the open Web, as app-ification and walled gardens make the full Web harder to reach. The continued availability of safe, secure browsers is a key protection against the fragmentation of the Web and dominance by large vendors. This makes the latest Chrome for Windows protections a very good move for midsize firms.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.