Google has announced plans to further restrict Chrome extensions in a bid to crack down on the number of malicious extensions found in the Chrome Web Store.
We’ve seen a spate of malicious extensions this year; the extensions do things like steal credentials and participate in click fraud schemes. The malicious extensions take advantage of the considerable access to Web pages that extensions have.
Google has already taken some steps to limit malicious extensions. Last year, a stricter multi-process model was applied to extensions to limit the impact of security flaws in the browser, and earlier this year Google deprecated the ability for extensions to offer installation from third-party websites (instead forcing all installations to go via the Chrome Web Store). This feature will be fully removed in Chrome 71 in December.