Google has taken two steps to prevent its Chrome browser becoming an attack vector for malware that runs as extensions to the browser. Like many other browsers, Chrome allows users to install “extensions”, apps that add functionality. Google even runs the “Chrome Web Store” to promote extensions. Security outfit Webroot …
Better late than never
At least they are doing something to close (decrease) a huge security hole in their browser.
"Decrease" is a better word because in every "appstore" there will be always a good number of malicious apps, and reviewers whenever they exists cannot catch them all.
Unless the developers give away their source code for full inspection, it will be never possible to prevent malicious apps 100%.
However I cannot understand why they don't implement a "revoke" mechanism to forcibly uninstall malicious apps/extensions from the users' system.
Other systems have this feature (even if never used) and I don't understand why it isn't implemented for extensions in browsers as well as on iOS and Android.
Will my extension installation choice i.e. the Y/N status) follow me across the 3 computers i use that have Chrome installed and sync enabled?.
Annoying but inevitable I suppose. The irritating extension autoupdate cycle on Firefox was one of the reasons I moved to Chrome, naive of me as it might be.
Google Chrome and Toolbar must be the most prolific spamware out there (apart maybe from Ask). I have it trying to weasel itself onto one of my computers at least once a week as a payload of something else (from google earf to a simple editor).
Most of the time it tries to install itself in the 'default install' of whatever you're trying to access an you have to do a custom install to get shot of it.
I don't care how good it is, it annoys me no end and I will not use it !
I'm not sure about Google Toolbar, I don't use any of those as they take up screen space that I'd rather use for what the hell I'm trying to read. Chrome's just fine, though. I imagine the real determining factor is how cleanly easily the stuff uninstalls.
I will agree that they really ought to see about dropping some of that bundling incentive stuff. They're not helping by using a similar MO to crapware.
Malware driven "apps" in my spyware driven browser? Unforgivable. Gruesome. Dreadful!
could they also please
Stop bundling chrome with every bloody thing. At least once a week I have to remove it from a customer's machine, then spend five mins removing all the carp it left behind and then finally sorting out all the file associations chrome broke on its way out the door.
I left chrome ages ago. It's too restrictive like the dumb home page tabs that enforce a maximum for no good reason. It's not that stable. I've had more "sad face" tabs in chrome than any other browser and it handles broken HTML in a dumb way that can eat up loads of memory. That and any browser security test puts it near IE for vulnerabilities. All this on top of it spying on me. Screw that, I'll stick to Firefox and let chrome for the hipsters who are happy to recreate the IE6 problems all over again in a new browser.
RE: as responsible enhancements that show, yet again, Google is doing the world a favour.
Yes, Google, please do the world a favor, and eliminate Microsoft from the IT industry.