19 November 2020
Google has announced a new change around extension security and it is built upon the new policies Google announced for extensions a month back. In its new announcement, Google has said that it will make it easier for users to choose what websites an extension can access. The new change will be reflected directly inside the Chrome Web Store.
Users will be able to set access for each extension directly from the Chrome Web Store while installing an extension. Currently, many extensions have full access to run on all websites by default. You have to manually go to installed extension settings to change the permissions. With the new changes applied, users will be able to set website access for each extension they are about to install.
It is currently unknown when the new feature will be rolled out but it is expected to go live alongside the new “Policy practices.”
Regarding what developers can do with the data they collect, Google has four new policies:
- Ensuring the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension.
- Reiterating that the sale of user data is never allowed. Google does not sell user data and extension developers may not do this either.
- Prohibiting the use or transfer of user data for personalized advertising.
- Prohibiting the use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers.
If developers don’t provide the information as per the new rules, the Chrome Web Store listing of their extension will display a notice to them.