Google has upgraded their Chrome browser so that automatic installations of browser extensions are blocked from any site other than the company’s Chrome web store.
This is enormously good news for Chrome users, as they were previously open to malicious websites automatically installing browser extensions that could track online activity and steal information.
The bad news is; this capability wasn’t built in from the start.
This is yet another example of leaky, sloppy, dangerously easy-to-hack Google code that endangered millions of users. Another example is the Android mobile operating system that is a virtual malware magnet.
It took Google a long time to start scanning mobile apps for viruses before allowing them to be downloaded by customers via the Google Play (formerly known as Android Market) store. Even after they did so; malicious apps have still been a problem; some of them even masquerading as anti-virus applications.
Even though anti-virus researchers have reported this is part of the reason why they have discovered an Android botnet; Google claims that the only way people could have become infected was to side-load apps from”third party” sites other than Google Play. Alternately, they say the issue can be traced to a bug in Yahoo Mail.
While I understand all internet technology can be compromised; I think that as consumers, we should be able to expect that tech companies build in security up front, instead of bolting it on after putting their customers at risk.
The lag time between the release of faulty code and the patch that attempts to fix it gives attackers a window of opportunity they would not have had if the software had only been done right the first time.
Do you agree? Add your comments and share your experiences below.