Browser extensions have always been a two-edged sword. On the one hand, they offer invaluable services to power users by enabling them to customize their web surfing experience as needed. But, on the other hand, they may bug down PC performance.
Many people don’t even know that they’ve installed them, as they’re offered with deceptive tactics. Thus, Google has already removed the often-abused inline installation option from Chromium last year. And on Thursday, the company also announced that it’s further restricting deceptive installation tactics.
July browser extensions deadline
Even with inline installation removed, there are a couple of ways malicious actors can deceive people into installing their products. The most egregious tactic involves resizing the Chrome Web Store tab or window. This tactic makes it so users can’t see extension metadata or other further information on the item. But the possibilities for abuse start earlier than that. Websites also shouldn’t use misleading interactive elements on their websites, such as call-to-action buttons. These buttons suggest another outcome than the installation of an add-on. Another way developers could deceive users is by using “unclear or inconspicuous disclosures on marketing collateral preceding the Chrome Web Store item listing.”
Developers must make sure they comply with these changes by July 1, 2019. Otherwise, they risk being prohibited from the Web Store. It remains unclear whether a permanent ban would be enforced. It’s also unclear if access to distribution would be restored once the extension’s install workflow is updated.
On another note, Google is putting some effort into user privacy with an update to Project Strobe. This requires browser extensions to use as little private data as possible to still retain functionality and add privacy policies on how they use said data.