Skip to content

Chrome closes add-on vulnerability

chromeextensionsNot long ago I wrote about a malware vulnerability with Chrome updates and extensions. Now, according to an item in Computerworld, it appears Google has finally slammed the door on the problem.

In 2012, Google began requiring that all new third-party add-ons be distributed through the Chrome Web Store. Then last year it began automatically disabling third-party add-ons that had been silently installed by other add-ons.

To circumvent that, vendors began buying add-ons that already existed in the Chrome Web Store and modifying them to distribute ads and malware such as JollyWallet.

Yesterday, February 20, Google issued another upgrade and this one finishes the job started in 2012. All extensions and add-ons now must originate from the Chrome Web Store and those previously installed from any other source will be “hard disabled,” meaning the user cannot re-enable them. For now this latest change only affects the Windows version of Chrome.


    • Occasionally something like this will percolate to the top and come to my attention, but you are right. There is so much going on that we never see, never hear about, and couldn’t understand or do anything about even if we were aware.

Now that I've had my say ...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: