The claim
Google claims to improve user security. The scenario they postulate contains extensions that are installed via manipulation of the browser settings.
The method
Google blocks extensions installed into chrome as packed extensions from being executed if they are not from the google webstore.
The hard and fast mistakes
Google did not block extensions being installed as unpacked extensions in development mode, and they also did not block extensions being installed by company policy via registry setting.
The meta mistakes
Manipulation of browser settings have much more serious implications than unwanted extensions. Via the proxy setting an attacker can gain access to the full browsing behaviour including cleartext passwords and much more. Banning thirdparty extensions robs a user who failed at securing his system from a chance to recognize his mistake.
Conclusion
Googles ban on thirdparty extensions fails in the task it was supposed to achieve and reduces user awareness of possible security issues on their system. It is thus actually harming users while improving googles bottom line.
Keine Kommentare:
Kommentar veröffentlichen