Live Updates: COVID-19 Cases
  • World 19,546,748
    Confirmed: 19,546,748
    Active: 6,274,858
    Recovered: 12,547,767
    Death: 724,123
  • USA 5,095,524
    Confirmed: 5,095,524
    Active: 2,314,463
    Recovered: 2,616,967
    Death: 164,094
  • Brazil 2,967,064
    Confirmed: 2,967,064
    Active: 798,968
    Recovered: 2,068,394
    Death: 99,702
  • India 2,088,611
    Confirmed: 2,088,611
    Active: 618,364
    Recovered: 1,427,669
    Death: 42,578
  • Russia 877,135
    Confirmed: 877,135
    Active: 178,818
    Recovered: 683,592
    Death: 14,725
  • South Africa 545,476
    South Africa
    Confirmed: 545,476
    Active: 140,808
    Recovered: 394,759
    Death: 9,909
  • Mexico 469,407
    Confirmed: 469,407
    Active: 104,710
    Recovered: 313,386
    Death: 51,311
  • Peru 463,875
    Confirmed: 463,875
    Active: 128,894
    Recovered: 314,332
    Death: 20,649
  • Chile 368,825
    Confirmed: 368,825
    Active: 16,699
    Recovered: 342,168
    Death: 9,958
  • Spain 361,442
    Confirmed: 361,442
    Active: 332,939
    Recovered: ?
    Death: 28,503
  • Iran 322,567
    Confirmed: 322,567
    Active: 24,711
    Recovered: 279,724
    Death: 18,132
  • UK 309,005
    Confirmed: 309,005
    Active: 262,494
    Recovered: ?
    Death: 46,511
  • Saudi Arabia 285,793
    Saudi Arabia
    Confirmed: 285,793
    Active: 33,752
    Recovered: 248,948
    Death: 3,093
  • Pakistan 283,487
    Confirmed: 283,487
    Active: 17,815
    Recovered: 259,604
    Death: 6,068
  • Bangladesh 252,502
    Confirmed: 252,502
    Active: 103,585
    Recovered: 145,584
    Death: 3,333
  • Italy 249,756
    Confirmed: 249,756
    Active: 12,924
    Recovered: 201,642
    Death: 35,190
  • Turkey 238,450
    Confirmed: 238,450
    Active: 11,063
    Recovered: 221,574
    Death: 5,813
  • Germany 216,315
    Confirmed: 216,315
    Active: 9,661
    Recovered: 197,400
    Death: 9,254
  • France 197,921
    Confirmed: 197,921
    Active: 84,761
    Recovered: 82,836
    Death: 30,324
  • Canada 118,985
    Confirmed: 118,985
    Active: 6,580
    Recovered: 103,435
    Death: 8,970
  • China 84,596
    Confirmed: 84,596
    Active: 839
    Recovered: 79,123
    Death: 4,634
  • Netherlands 57,501
    Confirmed: 57,501
    Active: 51,347
    Recovered: ?
    Death: 6,154
  • Australia 20,697
    Confirmed: 20,697
    Active: 9,099
    Recovered: 11,320
    Death: 278
  • S. Korea 14,562
    S. Korea
    Confirmed: 14,562
    Active: 629
    Recovered: 13,629
    Death: 304
  • New Zealand 1,569
    New Zealand
    Confirmed: 1,569
    Active: 23
    Recovered: 1,524
    Death: 22

Google Chrome 70, worth the effort towards safer default extensions

Author at TechGenyz Tech
Chrome Extensions

For 10 long years, Chrome has produced over 180,000 extensions in the Chrome web store which enabled desktop users to customize Chrome and their web experience. For the uninitiated, Extensions are small software programs that customize the browsing experience which helps users to mold Chrome functionality and behavior suiting individual needs or preferences. Today, Google announced a number of changes regarding handling extensions especially the ones requesting a considerable number of permissions. In addition, it has also declared a set of new requirements for developers who wish to publish their extensions on Chrome web store.

Talking about the need and functions of Chrome extension, Chromium blog claims, “it’s crucial that users be able to trust the extensions they install are safe, privacy-preserving, and performant. Users should always have full transparency about the scope of their extensions’ capabilities and data access”. In recent times, Chrome had taken initiatives to improve extension security with the launch of out-of-process iframes, the removal of inline installation, and advancements in their ability to detect and block malicious extensions. Today they added to their existing rules some new changes along with their plans for the future.

Starting off with Chrome 70, Users are given the power to block extension host access to their custom list of sites and to configure extensions to need a click to be allowed access to the current page. This is how most chrome extensions will lose their ability to see and manipulate any website that the user frequents. This automatically improves user transparency and control over extensions. There’s a transition guide which will guide you when any extension requires your permission.

Adding on to it, Google promises that any extension that requests for “powerful permission” will be put under scrutiny. Also, extensions using a remotely hosted code, which can be altered any time, will also be under close inspection. To reduce review time, Chrome advises developers to include their code entirely in the extension package and also to narrow down the permission range.

Chrome web store will stricty not allow any extension with an obscure code, whether the code is available within the extension package or externally or resource fetched. This applies from today onwards, for any new extension submitted. Existing Chrome extensions can continue, however, they will be required to update within a span of 90 days, failing which they will also be removed from Chrome web store. This follows Chrome’s claim that over 70% of malicious extensions run on obfuscated code. The main use of the obfuscated code is to limit readability and thereby lessening the chances of code theft, but at the same time, such codes really make it difficult to be reviewed.

“Ordinary minification, on the other hand, typically speeds up code execution as it reduces code size, and is much more straightforward to review. Thus, minification will still be allowed, including the following techniques:

  •  Removal of whitespace, newlines, code comments, and block delimiters
  •  Shortening of variable and function names
  •  Collapsing the number of JavaScript files”, mentions Chrome in its blog.

With the start of the new year, Google will enable a two-step-verification process for all developer accounts. Once an extension gets popular, it has the chance of being stolen by hijacking the account. The two-step authentication is believed to add as an extra layer of security, the second layer of which will either be linked to the phone number or any “physical security key”. Google is also considering Advanced Protection Program which offers security to Google’s own employees.

2019 will also see the introduction of the next Chrome extensions of manifest version. Manifest v3 will necessitate extra platform changes aimed at creating stronger security, privacy, and performance guarantees.