How do you deal with untrustworthy third-party add-ons that could endanger your own users? Prevent them from loading – if you can.
That’s what Google recently did with Gmail extensions that load code that interferes with users’ Gmail sessions, or malware that can compromise the security of their email.
To do so, Google has begun blocking Gmail extensions that don’t comply with the Content Security Policy (CSP), a specification used to tell browsers which types of resources may be loaded and from which locations.
“Most popular (and well-behaved) extensions have already been updated to work with the CSP standard, but if you happen to have any trouble with an extension, try installing its latest version from your browser’s web store (for example, the Chrome Web Store for Chrome users),” advised Danesh Irani, a software engineer with the Gmail Security team.
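To illustrate how a browser applies such a policy, the following added example (not code from Google or from the original article) models CSP source-list matching in JavaScript. The policy string, the page URL and all host names are constructed assumptions, and the matcher covers only `'self'`, `*`, scheme and host sources.

```javascript
// Simplified model of CSP source-list matching; ports, paths, nonces and
// hashes are left out. The policy and host names below are constructed samples.
const SAMPLE_POLICY =
  "default-src 'self'; script-src 'self' https://*.trusted.example; img-src *";
const PAGE_URL = "https://mail.example/inbox";

// Directive consulted for each resource type before falling back to default-src.
const DIRECTIVE_FOR = { script: "script-src", style: "style-src", image: "img-src" };

// Parse "name src src; name src" into a Map of directive -> source expressions.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Match one source expression ('self', *, scheme:, host, *.host) against a URL.
function sourceMatches(expr, url, page) {
  if (expr === "'none'") return false;
  if (expr === "'self'") return url.origin === page.origin;
  if (expr === "*") return ["http:", "https:", "ws:", "wss:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(expr)) return url.protocol === expr.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:*]+)$/i.exec(expr);
  if (!m || url.port !== "") return false; // unsupported form or non-default port
  // Without an explicit scheme, the page's own scheme is required.
  const wantScheme = m[1] ? m[1].toLowerCase() + ":" : page.protocol;
  const upgraded = wantScheme === "http:" && url.protocol === "https:";
  if (url.protocol !== wantScheme && !upgraded) return false;
  const host = url.hostname.toLowerCase();
  const want = m[3].toLowerCase();
  return m[2] ? host.endsWith("." + want) : host === want;
}

// Decide whether the page's policy lets the browser load the resource.
function isAllowed(policy, resourceType, resourceUrl, pageUrl) {
  const directives = parsePolicy(policy);
  const list = directives.get(DIRECTIVE_FOR[resourceType]) ?? directives.get("default-src");
  if (list === undefined) return true; // no applicable directive, no restriction
  const url = new URL(resourceUrl);
  const page = new URL(pageUrl);
  return list.some((expr) => sourceMatches(expr, url, page));
}
```

Under the sample policy, a script that an extension tries to pull from a host outside the `script-src` list is refused, while the page's own scripts and those from the listed wildcard host still load.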