In a bid to prevent Chrome users’ computers being covertly used for cryptocurrency mining, Google will try to purge the Chrome Web Store of extensions that hijack machines’ CPU resources to do just that.
“Until now, Chrome Web Store policy has permitted cryptocurrency mining in extensions as long as it is the extension’s single purpose, and the user is adequately informed about the mining behavior,” Extensions Platform Product Manager James Wagner explained.
“Unfortunately, approximately 90% of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.”
But even that was not enough, and Google is now banning all extensions that mine cryptocurrency, and plans to delist those that are already in the Chrome Web Store by July.
“Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store,” Wagner added.
A larger problem
Covert cryptocurrency mining has been a problem for years, with dedicated software/malware being pushed onto users in various ways.
But since the advent of CoinHive and similar scripts, in-browser cryptojacking has become a widespread nuisance. Not only are websites being compromised and made to include the scripts, but also ads, browser extensions, and so on.
“The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome. Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users,” Wagner noted.
“Over the past few months, there has been a rise in malicious extensions that appear to provide useful functionality on the surface, while embedding hidden cryptocurrency mining scripts that run in the background without the user’s consent. This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”
It remains to be seen how efficient Google will be at spotting these extensions, especially because developers are always coming up with new schemes to hide extensions’ malicious functionalities until they get approved.