Google is planning to improve the security of extensions in Chrome 70, currently on preview release, with new rules for developers.
The new rules will enable users to specify which websites can be accessed by the extension, partially closing a privacy loophole in which legitimate extensions are bought by shady operators and then exploited.
Users will also be able to click a single button to give access to an extension that needs it.
The new rules are in effect now, meaning new submissions to the Chrome Web Store that don't meet the criteria are no longer being accepted. That rules out anything with obfuscated code.
Google explains, "…first and foremost, it's crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions' capabilities and data access."
From 2019, all developers will need two-factor authentication (2FA) on their accounts to make it less likely that someone could doctor and post a fake version of an extension.
All this is a curtain raiser to an initiative called "Manifest v3", which will bring in a range of improvements, including more narrowly scoped and declarative APIs, additional user mechanisms for permissions, and modernised options such as a new type of background process.
And this will mean more work for developers.
"We recognise that some of the changes announced today may require effort in the future, depending on your extension. But we believe the collective result will be worth that effort for all users, developers, and for the long term health of the Chrome extensions ecosystem."
Extensions with obfuscated code have until the end of the year to be rewritten or Google will remove them. And if there's any remotely hosted code in there, Google has its eye on that, too.
Previously, Google announced that sideloading extensions from outside the Web Store will be outlawed, starting in Chrome 71. This is another move intended to improve security.