Prudence Pitch

13:23 13/06/2019 |

Total post : 1,048

Google announces that it intends to replace parts of Chrome’s Web Request API

(Tech) As Google explains in a blog post, the current Web Request API requires that users grant permission for Chrome to pass all information about a network request - which can include things like emails, photos, or other private information - to a given extension. In contrast, the Declarative Net Request API - which is rolling out as part of a suite of changes Google is calling Manifest V3 - allows extensions to block content at install time.



The Declarative Net Request API migration follows a number of changes to extensions intended to improve security, privacy, and performance, according to Google, including granular controls over permissions, a revamped review process, and two-step verification for developers. They dovetail with new safeguards against inline installation on websites, deceptive installation practices, and limits on extension data collection.

At I/O 2019 in May, the company announced that it will provide users with more transparency about how sites are using cookies and offer simpler controls for cross-site cookies, and it announced that it will require developers to explicitly specify which cookies can work across websites. 

Additionally, Google said that it plans to reduce the ways browsers can be passively fingerprinted, and promised to release an open source browser extension for the ads it shows on its properties and those of its publishing partners.

Google says that these and other enhancements have driven down the rate of malicious extension installations by 89% since early 2018. Today, it blocks roughly 1,800 malicious uploads a month from reaching the Chrome Web Store.


Post new