Google: Chrome Safety Check to warn users of malware extensions but removal is DIY


Starting with Version 117, Google is implementing a feature in Chrome that will warn users when extensions they have installed have been removed from the Chrome Web Store. The warning is limited to extensions that have been marked as malware, unpublished by the developer, or found in violation of Google’s Chrome Web Store policy.

Google says this feature is designed “to keep the ecosystem safe for users while limiting the chances that this will impact genuine extensions.” If an issue is resolved, the notification is automatically cleared. The notification will not be displayed for an extension when the developer has been notified of a possible violation and has been given time to address the issue or appeal.


Google says users are “most likely to encounter this feature” under Chrome’s Privacy and Security setting.

Image source: Google

Intervention is the user’s responsibility, unless…

Google says that if an extension has been identified under these conditions, the user must click Review and choose whether or not to keep the extension. Thankfully, Google will automatically disable extensions marked as malware.

Google is also beginning to enforce HTTPS and will display warnings to users attempting to download files over an insecure connection. “Our ultimate goal is to enable HTTPS-First Mode for everyone,” Google said. The company is expanding the mode to users using incognito mode, for sites that the user accesses over HTTP, and under other conditions.

Further reading

Bringing Safety check to the chrome://extensions page. Article by Oliver Dunk, Developer Relations Engineer for Chrome Extensions. August 16, 2023. Google developer site.

Toward HTTPS by default. Article. August 16, 2023. Chromium Blog, Google

Why it matters

While these initiatives are intended to convey a sense of responsibility by Google, Piracy Monitor finds these efforts to be minimal, overly passive, and likely to be ignored.  A cynic might say that Google doesn’t want to reduce the likelihood that using a malicious extension might boost Google ad revenue.

A 2021 study by the Digital Citizens Alliance said that as much as 40% of fraudulent advertising goes through Google, whose content delivery network appears to have been used to place 38 percent of all ads on piracy apps.  Google’s ad brokering services appear to have been used in facilitating 13 percent of pirate ad placements.  Google was among the leading advertisers on piracy apps – for Google’s own products and services – accounting for five percent of all Major Brand advertising; potentially accounting for millions of dollars paid to pirates, according to Digital Citizens Alliance.

Furthermore, average browser users are not aware of all the risks that arise in browsers. Most users in the general public are unaware of basic practices such as clearing browsing history and regulating cookies, let alone that they should look in their settings for potentially malicious software.

As Google itself says, “Downloaded files can contain malicious code that bypasses Chrome’s sandbox and other protections, so a network attacker has a unique opportunity to compromise your computer when insecure downloads happen.”
