Google Chrome to Use Machine Learning to Protect Users From Malicious Extensions
- Google already has an extension-level protection in place
- Google had introduced inline installation in 2011
- 3 percent extensions engage in deceptive install inflows
The search giant already has an extension-level protection but it will now incorporate machine learning to look at each inline installation request for bad signals in ads and webpages. Once Chrome detects the signals, it will selectively disable the request and redirect users to the extension page on the Web Store. This will ensure that inline installation of the extension from non-deceptive sources is not affected.
In 2011, Google had introduced inline installation to enable users to easily install extensions from developers’ websites. Earlier, when a user visited a particular website they had to navigate away in order to download an app or extension. However, after Google Chrome 15, users did not have to leave the site. But, the mechanism has been abused by attackers to trick users into downloading malicious extensions.
In the year 2015, Google had started to disable inline installations in Chrome in cases of misleading or deceptive install flows. As a result, Google says, “User complaints have been reduced by 65 percent since the start of this disabling initiative. Fewer than 3 percent of extensions still engage in these deceptive or confusing install flows.”
However, Google added that these few extensions generate 90 percent more user complaints on an average than the remaining extensions on the Chrome Web Store. The automated enforcement system is in place to be responsive to user feedback, Google says.
Google has posted some FAQs to help developers understand the new policy. The company has said that the expanded protections will roll out starting in a few weeks.