Google announces new Chrome Web Store.
As Google Chrome users respond to yet another browser security update while others contemplate what to do as their update fails, there’s some good news to be had at last. Following a rash of worrying headlines involving the Chrome browser being used to bypass two-factor authentication protections by the use of extension hacking attacks, Google has made a surprise announcement in response: a brand new Chrome Web Store. But only for enterprise users. Here’s what you need to know.
The Surprise Google Chrome Web Store Decision
The recent Chrome browser 2FA bypass attacks involved dozens of extensions being hacked and replaced with malicious versions that had the potential to impact millions of users. Call it a sophisticated phishing attack if you like, as social engineering was used to gain access to the various developer credentials required to make the extension switch, but one thing’s for sure: this was a security game-changer. At the time, Google’s Chrome security team said that less than 1% of extension installs from the Chrome Web Store were found to include malware and “before an extension is even accessible to install from the Chrome Web Store, we have two levels of verification to ensure an extension is safe.” Now, Google has taken a further step to help ensure this kind of attack doesn’t happen again.
In a surprise Jan. 23 posting, Hafsah Ismail, a product manager for Chrome Web Store and Extensions, alongside Maxime Martin, a product manager for Chrome Enterprise, confirmed the launch of a new Chrome Web Store for enterprise users. “We’re excited to announce powerful new features designed to give businesses greater control and visibility over their Chrome extension ecosystem,” the pair said, introducing “a curated Chrome Web Store experience for your end users.”
The Curated Chrome Web Store Experience
Designed to provide businesses with a greater degree of control, as well as improved visibility, of their extension ecosystem, the new Chrome Web Store offers enhanced extension management capabilities. Google divides these capabilities into five categories:
- Simplified access to allow users to more efficiently find and install pre-approved extensions directly from the Chrome Web Store landing page.
- Enhanced security to promote these trusted extensions while minimizing the risk from potentially harmful ones being installed.
- Increased productivity as users will only be able to use the specific, pre-approved, extensions they need in their roles.
- Customizable interface to give admins greater control over the Web Store experience, including the curation of extension collections along with category-based controls.
- Greater transparency through enabling admins to create custom block messages on Chrome extension detail pages for more visibility into usage policies, coming “early this year” according to Google.