Sunday, 15 June 2014

Short note: Google's ban of third-party extensions

The claim

Google claims to improve user security. The scenario they postulate involves extensions that are installed by manipulating the browser settings.

The method

Google blocks extensions installed into Chrome as packed extensions from being executed if they are not from the Google web store.

The hard and fast mistakes

Google did not block extensions being installed as unpacked extensions in development mode, and they also did not block extensions being installed by company policy via a registry setting.

The meta mistakes

Manipulation of browser settings has much more serious implications than unwanted extensions. Via the proxy setting, an attacker can gain access to the full browsing behaviour, including cleartext passwords and much more. Banning third-party extensions robs a user who failed at securing his system of a chance to recognize his mistake.
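
A user or administrator can still check for the two settings discussed above, policy-installed extensions and a changed proxy. The following audit sketch is an added example, not part of the original post: it reads the text of a `reg export` dump (assumed to be already decoded to a string) and reports entries under Chrome's `ExtensionInstallForcelist` policy key plus any active proxy setting. The sample dump, extension IDs and host names are constructed.

```python
import re
# Chrome Web Store update endpoint; force-list entries pointing elsewhere are hosted by someone else.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
FORCELIST_KEY = r"software\policies\google\chrome\extensioninstallforcelist"
CHROME_POLICY_KEY = r"software\policies\google\chrome"
INET_SETTINGS_KEY = r"software\microsoft\windows\currentversion\internet settings"

# Constructed sample in `reg export` text format (IDs and hosts are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/service/update2/crx"
"2"="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb;https://updates.example.invalid/ext.xml"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="proxy.example.invalid:8080"
'''

def parse_reg(text):
    """Return {lowercased key path without hive: {value name: raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1].split("\\", 1)
            current = keys.setdefault(path[1].lower() if len(path) > 1 else "", {})
        elif current is not None and (m := re.match(r'"([^"]*)"=(.*)$', line)):
            current[m.group(1)] = m.group(2)
    return keys

def audit(text):
    """List findings: force-installed extensions and active proxy settings."""
    keys, findings = parse_reg(text), []
    for name, raw in sorted(keys.get(FORCELIST_KEY, {}).items()):
        ext_id, _, url = raw.strip('"').partition(";")
        source = "web store" if url == WEBSTORE_UPDATE_URL else "other update URL: " + (url or "(none given)")
        findings.append(f"force-installed extension {ext_id} ({source})")
    inet = keys.get(INET_SETTINGS_KEY, {})
    if inet.get("ProxyEnable", "").lower() == "dword:00000001":
        findings.append("system proxy enabled: " + inet.get("ProxyServer", '""').strip('"'))
    chrome = keys.get(CHROME_POLICY_KEY, {})
    for value in ("ProxyMode", "ProxyServer", "ProxyPacUrl"):
        if value in chrome:
            findings.append(f"Chrome policy {value} = " + chrome[value].strip('"'))
    return findings

print("\n".join(audit(SAMPLE_REG)))
```

Unpacked extensions loaded in developer mode are not registered under these keys, so this check does not cover them.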


Google's ban on third-party extensions fails at the task it was supposed to achieve and reduces users' awareness of possible security issues on their system. It is thus actually harming users while improving Google's bottom line.

