Linked by Thom Holwerda on Sun 10th Jun 2012 22:36 UTC
Google So, Google has made it very hard to install Chrome extensions outside of the Chrome Web Store - out of security concerns. In addition, they sprung this on users and extension developers without much consultation or consideration for their concerns. As always - understandable to protect users, but the handling has an almost Apple-like bluntness to it. Next up: how to jailbreak your browser?
Permalink for comment 521693
To read all comments associated with this story, please click here.
Alfman
Member since:
2011-01-28

Laurence,

"Metadata can be faked. This method ensures that only people tech-savy enough to know how not to break their browser has enough control to break their browser."

Can be faked to do what? Any metadata can be faked. But if the requested permissions are enforced by the sandbox and software attempts to escalate it's access above that specified in metadata, then it should be killed automatically. Furthermore the default max permissions should be restrictive enough such that the user needs to explicitly ok dangerous calls before the software will run.

The sandbox gives us much more security than we normally have when running extensions under blind faith. Although this could improve security for all extensions, I'd be open to removing sandbox restrictions from extensions that have already been vetted by google.

Reply Parent Score: 3