Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store.
A safety check for Chrome extensions
The Safety check scan can be run from Chrome’s Settings (under “Privacy and security”).
Starting in Chrome 117, which is due to be released in September 2023, the browser will highlight if an extension they use has been unpublished by the developer, has been taken down for violating Chrome Web Store policy, or has been labeled as malware.
Clicking on the “Review” button will take the user to a list of extensions that have been removed from the Chrome Web Store.
There may be an explanation why an extension has been removed, but in any case, the user can choose to remove them or keep using them. As in earlier Chrome versions, extensions marked as malware are automatically deactivated.
The user can choose to remove flagged extensions or keep using them (Source: Google)
“We have designed this change to keep the ecosystem safe for users while limiting the chances that this will impact genuine extensions. If an issue is resolved, the notification is automatically cleared,” said Oliver Dunk, developer relations engineer for Chrome extensions.
“The notification will not be displayed for an extension when the developer has been notified of a possible violation and has been given time to address the issue or appeal.”
Working on continuous safety
Google has set out strict rules for developers when submitting new extensions to the Chrome Web Store.
“The Chrome Web Store Review team has special procedures for egregious policy violations. In cases such as malware distribution, deceptive behavior designed to evade review, repeated severe violations indicative of malicious intent, and other egregious policy violations, more drastic measures are necessary,” the company noted.
Nevertheless, malicious extensions still occasionally get published, and occasionally legitimate extensions get hijacked and turned into malware/adware.
Chrome extensions can also be a threat to companies’ business operation, compliance and data security efforts. In late April, Google has made available Spin.AI App Risk Assessment, a tool Google Workspace admins and security teams can use to assess the risk different Chrome extensions may pose to their users and their organization.