Google recently revealed its plans to introduce new security measures into its popular web browser, Chrome. This new feature is set to make its debut with the release of Chrome 117 and is designed to notify users when an extension they have installed has been removed from the Chrome Web Store. This means that if an extension is pulled from the store by the developer, taken down for violating the store's policy, or flagged as malware, users will receive an alert.
The idea behind this initiative is to make users more aware of potential risks and threats tied to extensions. The browser will showcase these extensions under a "Safety Check" section, which can be found in the "Privacy and Security" module of browser settings. Oliver Dunk, a developer relations engineer for Chrome extensions, has commented on this, stating, "When users choose 'Review', they are directed to their extension list. Here, they can choose between removing the potentially problematic extension, or hiding the alert if they want to keep the extension installed." The safety measure does not end here. In line with previous versions of Chrome, extensions flagged as malware will be automatically disabled.
At the same time, Google announced it will be upgrading all URL navigations from HTTP to HTTPS automatically, even when users select a link declaring HTTP. Although this feature is still undergoing testing in Chrome 115, users can look forward to its roll-out in the near future. In addition to this, Google is planning to issue a warning to users starting in mid-September 2023 upon any attempt to download high-risk files over an insecure connection.
The introduction of these warnings stems from the risk that downloaded files potentially contain malicious code, bypassing Chrome's security measures. These malicious codes could offer opportunities to network attackers to compromise systems when insecure downloads occur. As such, Google hopes to increase user awareness and caution during their internet use to protect them better against such threats.
Further enhancements include the default enabling of HTTPS-First Mode in Chrome's incognito mode to ensure a more secure browsing experience and automatic activation of this setting for users who seldom use HTTP.
Google always strives to improve their cybersecurity and these updates follow Google's earlier initiative to support quantum-resistant encryption algorithms in the Chrome browser, beginning with version 116.
At Darksteel Technologies, we are an Orlando based business that can handle all aspects of your IT security. Providing compliance, training, malware protection, cloud security, devsecops, vulnerability management, penetration testing, architecture design and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.