Google promises better protection against deceptive Chrome inline installations - gHacks Tech News

Google promises better protection against deceptive Chrome inline installations

Google announced today on the official Chromium blog that it will improve the Chrome browser's protection against deceptive inline installations.

When Chrome launched, extensions could be installed from anywhere. Sites sprang up that hosted multiple extensions, and any developer or company could offer extensions on their sites. The Chrome Web Store was released in December 2010, more than two years after the release of the first version of Google Chrome.

Google changed the process in 2012 when it introduced inline installations as a way to better protect users.

Inline installations, along with changes to Chrome's support for non-Chrome Web Store installations, required that developers uploaded their extensions to the Chrome Web Store first before they could offer them on their websites or third-party websites.

chrome inline installation

Google's idea was to enforce the use of the Chrome Web Store for all extensions so that it could scan them and block them from being distributed this way. Nav Jagpal and Benjamin Ackerman, two members of Google's Safe Browsing team, note that the inline installation system reduced user complaints by 65%.

They acknowledge however that "fewer than 3% of extensions" engage in "deceptive or confusing install flows" today, and that these "generate 90% more user complaints on average".

Google's plan to combat inline extensions that make up the less than 3%? More automation of course. The company plans to upgrade the automated inline installation abuse detection system to improve "detection speed" and improve the detection of extensions that abuse the system.

Google will use machine learning " to evaluate each inline installation request for signals of deceptive, confusing, or malicious ads or webpages" as well. If Google's algorithms detect signals, Chrome will block the inline installation request and redirect Chrome users to the extension's Chrome Web Store presence instead.

Google published additional information on the company's Chrome Developers website. The Enforcement FAQ highlights when developers are notified and why Google disables inline installations for specific extensions.

Closing Words

Google doing something against abuse of the inline installation system is a good thing, but I'm more worried about the company's extension vetting process.  Incidents in the past have shown time and time again that malicious or invasive extensions will slip through the cracks and pass Google's automatic examinations (see Google pulls crypto-mining Chrome extension Archive Poster or Another Chrome extension horror story: coinhive and domain registration)

Now You: What should Google do in your opinion against malicious extensions?

Summary
Google promises better protection against deceptive Chrome inline installations
Article Name
Google promises better protection against deceptive Chrome inline installations
Description
Google announced today on the official Chromium blog that it will improve the Chrome browser's protection against deceptive inline installations.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Stefansart said on January 5, 2018 at 10:23 pm
    Reply

    Martin, one way to overcome the protests You get from visitors on this site is to let the visitor to choose what theme, new or old, the visitor want to use when on this site. Sure, more job for You maybe, but still it makes the site to be as the VISITOR wants it, not how YOU want it. (I still hate this new theme, it makes my eyes sore….)

    1. Jacob said on January 6, 2018 at 11:12 am
      Reply

      This new theme is now even better because he reduced the font size to normal again. For me it’s perfect now.

    2. Weilan said on January 6, 2018 at 11:16 am
      Reply

      I don’t know what people’s problem is. Things change, like it or not. I personally liked the state of the web and Windows between 2006 and 2010, after that came garbage like Windwos 8 and Windows 10, that flat design crap and whatnot, I don’t like the current state of things, but I’ve sort of accepted it and in hopes that design goes in circles like fashion, so in the future we may have glossy gradient design again, not the same, but similar… one can only hope…

      I liked the UI of Firefox 2.0 and 3.0, the new UIs of browsers are an eyesore for me, but the only half-decent browser with an old UI is Pale Moon and its support of the web is really poor, you can’t Print Screen and press Ctrl+V in imgur.com to post a screenshot and many other small details that make it horrible, so I have to accept the stupid changes and move on.

      You and others should do the same, yeah, choice is always a nice thing to have, but having to support two different layouts isn’t an easy job. I’m here for the news articles, not how the website looks.

    3. kalmly said on January 6, 2018 at 2:50 pm
      Reply

      It’s Martin’s site. He gets to choose how it looks, not you, not me. He couldn’t possibly please all of us. I’m with Weilan on the UIs and will never give up the hope that preferences will circle back to the days of readability, attractive web pages and applications, and less scrolling.

      However, isn’t the article about Google’s latest promise? About that I have this to say: Google can’t be trusted.

  2. Ray said on January 6, 2018 at 3:50 pm
    Reply

    Loving the new format of the site. Much cleaner

Leave a Reply