Google has introduced a new method to detect confusing and deceptive browser extensions on Chrome. In the next few weeks, Google will start using machine learning as an expansion of abuse protection to reduce harm to Chrome users. The search giant will upgrade its automated inline installation abuse detection features to find out malicious extensions.
The search giant already has an extension-level protection but it will now incorporate machine learning to look at each inline installation request for bad signals in ads and webpages. Once Chrome detects the signals, it will selectively disable the request and redirect users to the extension page on the Web Store. This will ensure that inline installation of the extension from non-deceptive sources is not affected.
In 2011, Google had introduced inline installation to enable users to easily install extensions from developers’ websites. Earlier, when a user visited a particular website they had to navigate away in order to download an app or extension. However, after Google Chrome 15, users did not have to leave the site. But, the mechanism has been abused by attackers to trick users into downloading malicious extensions.
In the year 2015, Google had started to disable inline installations in Chrome in cases of misleading or deceptive install flows. As a result, Google says, “User complaints have been reduced by 65 percent since the start of this disabling initiative. Fewer than 3 percent of extensions still engage in these deceptive or confusing install flows.”
However, Google added that these few extensions generate 90 percent more user complaints on an average than the remaining extensions on the Chrome Web Store. The automated enforcement system is in place to be responsive to user feedback, Google says. Google has posted some FAQs to help developers understand the new policy. The company has said that the expanded protections will roll out starting in a few weeks.