Google bans Chrome cryptocurrency mining extensions
James Wagner, Google Chrome Extensions Platform Product Manager, announced yesterday that Google decided to ban cryptocurrency mining extensions in the company's Chrome Web Store.
Cryptocurrency mining in the browser context is a relatively new phenomenon but one that is on the rise. One has to distinguish between mining scripts that run as scripts on websites and mining extensions that get installed in the browser by users or malicious actors.
Website mining scripts make up the bulk of mining activity of browsers. Website mining happens automatically in the background provided that the mining script or connection to mining servers is not blocked.
You have to distinguish between user installed mining extensions that were installed for the purpose, and extensions that were installed by third-parties or downloaded mining components after user installation.
The former type is installed with user approval, the latter without.
Google allowed mining extensions in the Chrome Web Store provided that mining was "the extension's single purpose" and that the user was "adequately informed" about the mining nature of the extension.
About 90% of all mining extensions uploaded to the Chrome Store did not meet Google's policies in regards to mining extensions. The extensions were either rejected outright or removed from Store after the fact.
The decision was made to ban cryptocurrency mining extensions from the Chrome Web Store because of that. Chrome's Web Store won't accept extensions anymore that mine cryptocurrency in the web browser. Extensions that are listed in the Chrome Web Store currently will be removed by Google in the coming months (late June).
The change won't affect non-mining extensions that deal with blockchain or mining related topics such as cryptocurrency exchange rates or news.
James Wanger, on behalf of Google, failed to disclose how the company wants to ensure that mining extensions won't find their way into the Store anymore. The Store has a track record of being abused by malicious actors, often in form of browser extensions that downloaded additional modules when run by users.
Google's Web Store uses algorithms to check and verify uploaded extensions. Threat actors managed to bypass the automatic checks time and time again; the situation got worse in recent time with the rise of cryptomining extensions and Google promised recently that it would do something about that.
It remains to be seen how well Google's algorithm is at detecting cryptomining extensions. While it will block the bulk of extensions I would not hold by breath that it will have a 100% detection track record.
Now You: have you encountered mining extensions or sites?