At Chrome Dev Summit 2020 today, Google announced it will change how extensions access data and how extension permissions work in 2021. On January 18, a day before the release of Chrome 88, Google will require that every extension publicly display its privacy practices and will limit what developers can do with the data they collect.
With over 1 billion users, Chrome is both a browser and a major platform. The Chrome Web Store hosts more than 250,000 extensions and themes with 4 million Chrome extensions downloaded every day. These privacy changes will impact not just users and developers but businesses too, from startups that build extensions to enterprises that rely on extensions for internal and external use.
The first change means that Chrome users next year will determine which websites an extension can access when they browse the web. Once you grant an extension permission to access a website’s data, that preference can be saved for that domain. Today, the extension makes that call. In 2021, you will still be able to grant an extension access to all the websites you visit, but that won’t be the default.
Starting January 18, listings for extensions on the Chrome Web Store will show whether the developer has certified that their extension complies with the above.
This is part of a bigger effort by Google to improve extension security and privacy. Back in May, Google added a new Safety Check with the release of Chrome 83 that tells you if the passwords you’ve asked Chrome to remember have been compromised, whether Google’s Safe Browsing service is turned off, if your Chrome version is up-to-date, and whether any malicious extensions are installed. Since then, Google says that the number of malicious extensions that Chrome disabled to protect people grew by 81%.