In May 2020, Google announced the implementation of a new functionality in your Chrome browser, the 'Improved Safe Browsing' that —by sharing information with the Google Safe Browsing service— offers proactive protection against dangerous websites (linked to cases of phishing or malware downloads).
Now, Google has announced the addition of a new feature to this function, which will protect the user not from those sites he visits ... but also of the software that you install in the browser itself.
Thus, Chrome will begin to scan which extensions are installed by the users of their Chrome browser, proceeding to show warnings via a dialog to those adding extensions from an untrusted developer, or that it has been registered in your extensions marketplace for a short time.
Google defines "trusted developer" as all those who have been adhering to the policies for several months from the Chrome Web Store Developer Program. This temporary requirement is what leads to include among the 'suspects' the creators of newly incorporated extensions.
From the company they clarify that practically 75% of the extensions hosted on the Chrome Web Store have been developed by developers considered 'trusted'.
Hundreds of extensions removed for containing malware in recent times
Google has made this decision after years of controversial and critical due to the presence of malicious extensions on its platform and poor supervision of them.
In 2020 alone, it was forced to delete 49 that were stealing passwords from Bitcoin wallets, Y more than 100 collecting private data (and that they added 33 million downloads between all of them).
There have recently been other quite famous cases, like The Great Suspender: a very popular and perfectly legitimate extension that, after being sold by its original creator, began to alter its operation, demanding more and more permissions and adding insecure functions.
Finally, The Great Suspender was removed from the Chrome Web Store… And users who already had it installed were remotely deactivated.
Other bad practices detected have been the cloning legitimate extensions with the addition of malicious code, the false positive feedback creation to increase the visibility of an extension, etc.