Approval of extensions


Arpit

Aug 23, 2011, 2:30:24 PM
to Chromium-extensions
Dear Google Chrome team,

I am yet another Chrome user, and love Chrome not just for being a
fast browser but also for its support for open source and open
standards. I am very happy to see development of Chrome and its
increasing popularity around the globe.

As I am very passionate about Chrome extensions and extension APIs,
one thing I am worried about is my security, safety and privacy while
installing & using Chrome extensions. I am very sad to know that there
is no pre-release approval process for the items available in the Chrome
Web Store. Although Chrome warns about the required ‘permissions’
before installing any extension & has proper limitations/sandboxing
for extensions, it seems that these are not enough. I would like to
draw your attention to these two incidents:



1> http://blog.arpitnext.com/2011/08/chrome-extension-awesome-screenshot.html

2> http://www.reddit.com/r/chrome/comments/gpwqc/caution_auto_hd_for_youtube_extension_is_now/

I believe that there must be many such ‘unreported’ cases.

Mozilla and Opera have a manual approval process for all new and
updated items on their official add-on galleries. As Chrome is on its
way to becoming the most popular browser in many countries, it is extremely
required to ensure proper security and privacy for the users. Is the
Chrome team considering any such proposal?

With Regards,

- Arpit

Mihai Parparita

Aug 23, 2011, 9:21:08 PM
to Arpit, Chromium-extensions
Hi Arpit,

The extensions team shares your passion for security and safety. Erik recently posted a good round-up of all the security-related work that we are doing: http://groups.google.com/a/chromium.org/group/chromium-extensions/browse_thread/thread/69f14ae6d8ebbdf8/1527424be57a0e35#1527424be57a0e35

A review process is in place for extensions that use NPAPI plugins (http://code.google.com/chrome/extensions/npapi.html), since those extensions have unfettered access to a user's machine once installed. For other extensions we believe that the other mitigating factors (limited APIs, fine-grained permissions, user reports from the store, etc.) strike the right balance between security and not having posting to the store be a bottleneck and time-drain for developers.

Mihai

