Protecting users from extension cryptojacking
By James Wagner, Google Extensions Platform Product Manager
April 3, 2018
As the extensions ecosystem
continues to evolve, we remain focused on empowering developers to
build innovative experiences while keeping our users as safe as
possible. Over the past few months, there has been a rise in
malicious extensions that appear to provide useful functionality on
the surface, while embedding hidden cryptocurrency mining scripts
that run in the background without the userís consent. These mining
scripts often consume significant CPU resources, and can severely
impact system performance and power consumption.
Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extensionís single purpose, and the user is adequately informed about the mining behavior. Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.
Starting today, Chrome Web Store will no longer accept extensions that mine cryptocurrency. Existing extensions that mine cryptocurrency will be delisted from the Chrome Web Store in late June. Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store.
The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome. Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users. This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.