Chrome closes add-on vulnerability

chromeextensionsNot long ago I wrote about a malware vulnerability with Chrome updates and extensions. Now, according to an item in Computerworld, it appears Google has finally slammed the door on the problem.

In 2012, Google began requiring that all new third-party add-ons be distributed through the Chrome Web Store. Then last year it began automatically disabling third-party add-ons that had been silently installed by other add-ons.

To circumvent that, vendors began buying add-ons that already existed in the Chrome Web Store and modifying them to distribute ads and malware such as JollyWallet.

Yesterday, February 20, Google issued another upgrade and this one finishes the job started in 2012. All extensions and add-ons now must originate from the Chrome Web Store and those previously installed from any other source will be “hard disabled,” meaning the user cannot re-enable them. For now this latest change only affects the Windows version of Chrome.

2 thoughts on “Chrome closes add-on vulnerability

    1. Occasionally something like this will percolate to the top and come to my attention, but you are right. There is so much going on that we never see, never hear about, and couldn’t understand or do anything about even if we were aware.

... and that's my two cents