Chrome's new "Proceed with Caution" warning when installing new or untrusted extensions
Google Chrome's Enhanced Safe Browsing feature will soon display warnings to Chrome users when extensions are about to be installed that are either new or untrusted by Google.
Enhanced Safe Browsing is an opt-in feature that extends the capabilities of Safe Browsing, a security feature that is protecting Chrome users by default against malicious extensions, downloads, or websites.
Google Chrome will block the installation of malicious extensions, provided that the extensions are flagged by Google staff. Google notes that the number of disabled extensions increased by 81% in 2020 alone.
New browser extensions for Chrome that are published on the official Chrome Web Store for extensions, are not handled differently than established extensions; this will change soon for Chrome users who have enabled Enhanced Safe Browsing in the web browser.
Extensions that are considered new by Google, and extensions that are not trusted because of Chrome Store Developer Program Policies issues, will soon be handled differently in Chrome for these users.
Chrome displays a "Proceed with caution" prompt when users select the "add to Chrome" option on the Store.
The prompt reveals that the extension is not trusted by Enhanced Safe Browsing. A learn more link is provided, and users may either continue with the install or close the prompt and cancel it.
The continue to install button leads to the default extension installation prompt in Google Chrome.
Google does not define "new" in the blog post on the company's Google Security blog, but reveals that it will at least take a few months for new developers to become trusted by Enhanced Safe Browsing.
Most extensions are considered trusted already. According to Google, "nearly 75% of all extensions" are considered trusted. The company expects the number to keep growing in the coming months and years.
The new warning prompt will impact extension installations, as it may make users feel unsure about the installation.
Enhanced Safe Browsing was launched in May 2020. The feature is controversial despite being opt-in, as it will send browsing data such as URLs and a "small sample of pages, downloads, extension activity, and system information" to Google.
Configure Safe Browsing in Chrome
Chrome users may configure the status of Safe Browsing on the following page: chrome://settings/security
The three options are:
- Enhanced Protection -- Faster, proactive protection against dangerous websites, downloads, and extensions. Warns you about password breaches. Requires browsing data to be sent to Google.
- Standard Protection -- Standard protection against websites, downloads, and extensions that are known to be dangerous.
- No Protection (not recommended) -- Does not protect you against dangerous websites, downloads, and extensions. You’ll still get Safe Browsing protection, where available, in other Google services, like Gmail and Search.
Chrome users who have enabled Enhanced Safe Browsing will benefit from the change. New and untrusted extensions can still be installed, but an intermediary prompt needs to be interacted with beforehand.
Enhanced Protection is enabled by default in Chrome Version 92.0.4515.40 (Official Build) beta (64-bit). I personally like the function.
This looks bad.
1. strongly encourages gaining control over already ‘trusted’ extensions, especially ones with a large install count.
2. ‘new problems’ will have the addons that are created as their solutions misleadingly called ‘untrusted’ and maybe even made less visible even if theyre made by a known trusted addon maker. This will be meant to discourage resolving issues with the browser’s implementations that may be anti-consumer or harmful ot privacy, and encouraging chrome users to activate enhanced safe browsing (tricking users into leaking their browser activity).
What happens when the extension is sold or abandoned and not-so-trustworthy developer offers a modified version? Does it get the Google tick of approval via the absence of a warning until the trail-blazing enw users discover something is wrong and eventually one of them reports it?
“Requires browsing data to be sent to Google”
That message also should show up when users first open Chrome.
Another warning? Wow, is there room for even more warnings in Chrome? Soon there will be a warning about how Oh-So-Dangerous browsing is when the browser is opened. Recent Chromia have an insane number of nags and warnings for most everything you do.
The third option is weird, no protection except for search, which is google for most users and protected. Round and round.
My AV and system level ad blocker do this stuff, makes browsing much faster and yes, they do find things occasionally.
I’m truly not able to understand why web-browsers policies have to break into our user’s personal space that much. Okay, from one point of view they are trying to make our information and computers more protected, but I feel like sooner or later they’ll cross that line and we won’t be able to use whatever service we want. Why others should decide what is trustworthy and what’s not? Isn’t it our right as a customer to choose which extension to count as trusted?