Google Chrome's New Feature Alerts Users About Auto-Removal of Malicious Extensions
19.8.23 Safety The Hacker News
Google has announced plans to add a new feature in the upcoming version of its Chrome web browser to alert users when an extension they have installed has been removed from the Chrome Web Store.
The feature, set for release alongside Chrome 117, allows users to be notified when an add-on has been unpublished by a developer, taken down for violating Chrome Web Store policy, or marked as malware.
The tech giant said it intends to highlight such extensions under a "Safety check" category in the "Privacy and security" section of the browser settings page.
"When a user clicks 'Review,' they will be taken to their extensions and given the choice to either remove the extension or hide the warning if they wish to keep the extension installed," Oliver Dunk, a developer relations engineer for Chrome extensions, said.
"As in previous versions of Chrome, extensions marked as malware are automatically disabled."
The development comes as the company said it's going to automatically upgrade all https:// URL navigations to https:// even when users click on a link that explicitly declares https://. The feature is currently being tested in Chrome 115, and is expected to be rolled out soon.
Google also said it will show a warning starting in mid-September 2023 when users attempt to download high-risk files while on an insecure connection.
"Downloaded files can contain malicious code that bypasses Chrome's sandbox and other protections, so a network attacker has a unique opportunity to compromise your computer when insecure downloads happen," the Chromium team said.
"Unless HTTPS-First Mode is enabled, Chrome will not show warnings when insecurely downloading files like images, audio, or video, as these file types are relatively safe."
Some of the other features that are in the pipeline include enabling HTTPS-First Mode by default in Incognito Mode for a more secure browsing experience and automatically turning the setting on for users who rarely use HTTP.
Users can enable HTTPS-First Mode by enabling "Always use secure connections" in Chrome security settings (chrome://settings/security).
The updates also follow Google's proposals to add support for quantum-resistant encryption algorithms in the Chrome browser, starting with version 116.