Linked by Thom Holwerda on Sun 10th Jun 2012 22:36 UTC
Google So, Google has made it very hard to install Chrome extensions outside of the Chrome Web Store - out of security concerns. In addition, they sprung this on users and extension developers without much consultation or consideration for their concerns. As always - understandable to protect users, but the handling has an almost Apple-like bluntness to it. Next up: how to jailbreak your browser?
Permalink for comment 521655
To read all comments associated with this story, please click here.
darknexus
Member since:
2008-07-15

To which I say, the goal should be addressing the lack of software sandboxing rather than having users acquire all their software from centralised sources.


Sandboxing doesn't help in this situation. Even if a piece of software can't get outside the sandbox, if you voluntarily run it inside of your browser, it has access to whichever features the parent process does. If you install an extension that happens to be malware in a sandboxed browser, it might not be able to get at your files or other data but anything you put in that browser is compromised in either case. That means web history, form entries such as credit card numbers and passwords, and any other information said malware wishes to collect. As it's running inside your browser, which has network access, so does the malware. Network access and data, that's all they're after anyway, and you can't effectively block browser extensions' access to these facilities since they depend on such things to function. Both sandboxing and walled gardens offer you a false sense of security in the same way. I prefer to call Google's approach a gated garden, since you can easily get out if you wish. The one advantage such systems have over sandboxing is that malware, if detected, can be revoked and killed. That power can, of course, be abused (Apple, I'm looking at you) which is why a way out is important.

Reply Parent Score: 2