‘We’re requiring extensions to only request access to the least amount of data’ by Oct. 15, Google says. Those who fail to comply could get booted from the Chrome Web Store.
Google is giving Chrome extension makers until Oct. 15 to minimize the amount of data they collect during browser sessions or face expulsion the Chrome Web Store.
The change addresses how the extensions generally need to request certain permissions from your browser in order to function. However, some of these permissions can be pretty powerful; they can include the ability to take desktop screenshots, capture audio from a microphone, and collect data from the local file system, among other things, which can open the door to potential abuse.
The risks prompted Google to work toward securing the 180,000+ Chrome extensions on the company’s official web store. “We’re requiring extensions to only request access to the least amount of data,” the company said in a Tuesday blog post. “While this has previously been encouraged of developers, now we’re making this a requirement for all extensions.”
In October, the tech giant began reining in Chrome extensions after the company discovered a bug in the Google+ social media platform that left private user information open to third-party developers. In response, the company retired Google+ and proceeded with an ongoing review of the various ways user data can leak to third-party developers on the company’s services.
Although many Chrome extensions can be quite useful, research has shown that the shadier products can harvest and leak your personal data thanks to extensive permissions. To stay safe, consider uninstalling extensions you rarely use or trying other software alternatives that don’t require constant access to the browser.