Google's new content security aims to protect you from malicious Gmail extensions

[Justin Kahn]

There are many extensions available for Chrome and specifically those for Gmail, and while Google has always done its best to ensure malicious add-ons don’t become widespread, they are certainly out there. Over the last year, the company has taken steps to improve privacy for its Gmail users, which was believed to be sparked by NSA security issues among other things.

Google is ready to takes things even further now. Software Engineer for Gmail Security Danesh Irani took to the official Gmail blog today to announce some new security measures surrounding extensions. As mentioned in the post, Google is already using secure proxy servers for images and requiring HTTPS, but has now implemented something called Content Security Policy (CSP).

CSP is essentially a standard that will stop malicious extensions from doing things you don’t want them to. There are add-ons out there that will load messy code that slows things down or those that purposely run malware to compromise your security. 

According to Google most popular extensions have already been updated to work alongside CSP just fine, but it sounds as though there are a number that haven’t been. Google mentions to ensure you have the newest versions of those extensions if any problems arise. Outside of users that run a lot of different Gmail add-ons, CSP seems like mostly a good thing that will hopefully help to tidy up some of the messy extensions out there and get rid of the malicious ones.

Permalink to story.

https://www.techspot.com/news/59186-google-blocks-gmail-extensions-malicious.html

 

[Uncle Al]

Been using gMail for a long time and of all the services out there, they have had better reliability than any others I've seen or used. Any improvement is always welcome ....

 

[captaincranky]

Google has a new trick with their, "spam detection algorithms". They just put the spam in your inbox under the "promotions" tab, and then when you check your spam folder, they boldly announce, "hooray, no spam here"!

I don't have a problems with extensions for Chrome or Gmail.

I use Firefox instead of Chrome, and don't add any extensions to Gmail. Problem solved, without Google being able to take a bow for, "helping me out".

 

[Guest]

In my experience running my own IT maintenance company, I've found Google Chrome to be infinitely worse than IE for allowing itself to be attacked by malicious extensions. I've lost count of how many times I have had to reset Chrome for my clients in an effort to get clean it up. It is not a good indictment on Google when IE beats it in the security stakes.

In my opinion, Firefox is by no means infallible but it still beats IE and Chrome when talking security. Google Chrome has mainly found it's way onto computers via 'stealth' through the 'opt out' method used in Adobe updates etc which makes me suspicious of their true motives. People are impressed with it's speed over IE and Firefox but their methods of deployment are questionable.

 

[captaincranky]

I...[ ]... People are impressed with it's speed over IE and Firefox but their methods of deployment are questionable.

Since I wouldn't be caught dead with Chrome on my computer, I'd appreciate you confirmation or denial of these facts. I understand Chrome gets it's speed by running multiple processes, and using huge chunks of memory. Is this true? In essence, it hijacks your computer. (To one degree or another).