Google Chrome is widely regarded as one of the best browsers around – but this popularity often comes with some risk, as criminals look to target its huge user base.
In its latest update, the company is attempting to help users decipher which Google Chrome extensions are legitimate and which ones to avoid through new Chrome Web Store badges.
Google says there will be two types of badges: Featured, given to extensions that "follow our technical best practices and meet a high standard of user experience and design"; and Established Publisher, for those "who have verified their identity and demonstrated compliance with the developer program policies."
The goal is to give users an easier way to see whether an extension is really what it says it is without having to look through the reviews or search the web - hopefully helping users avoid malware and other security threats.
Google says the overall process for awarding the badges will be manual – hopefully helping cut down on bad actors gaming the system – and will be based on whether the extension complies with the latest APIs, offers an "enjoyable and intuitive experience", and other factors.
Extensions can be dangerous
It feels like every month (or maybe every two) we get a new story about a bad Chrome extension that abused its privileges to infect a person's computer or some other dastardly scheme.
A recent example was The Great Suspender, a popular extension that forced excess tabs to sleep to save resources, that was delisted by Google (and even uninstalled for users) for containing malware.
The openness of the Chrome Web Store means that pretty much anyone can get in and given the sheer popularity of Chrome, which has a 90%-plus market share, bad extensions are a serious opsec risk.
