Google has announced that its Chrome browser will automatically block any plug-ins that it considers outdated or insecure with each update. It has said that this will help to improve browser security.
In its official blog the company said, presumably speaking to a 5 year old: “Bad guys want to install persistent malware on your machine. Once they achieve this, they are free to do a variety of bad things such as steal your banking passwords, abuse your network connection, and rifle through your sensitive files.”
Rifle through private data – hold on a tic, that sounds familiar, eh Google?
“Bad guys will install malware via the easiest path available. Traditionally, the easiest attack was to simply get a user to run an untrusted executable. Not all users fall for this. And modern operating systems and e-mail systems make this harder to do and restrict the permissions that the downloads run with — making it less attractive.
“Next easiest is to exploit a disclosed vulnerability which is not yet patched by all users. The industry’s response to this is to autoupdate its users with security patches; browsers including Firefox and Chrome have demonstrated success at keeping the majority of their user bases current.”
It said that any plug-ins that are “out of date” will be automatically blocked from running on Chrome. This will not only protect the browser from vulnerable plug-ins but also make searching for updates easier. The company also said that it will create a ‘domain white list’ and only plug-ins from trusted sources will be allowed. This includes an automatic update for Adobe Flash Player. There will also be a warning before you run infrequently used plug-ins.
A representative for the company told us: “This report falsely suggests that Android users don’t have control over which apps access their data. Not only must each Android app gets users’ permission to access sensitive information, but developers must also go through billing background checks to confirm their real identities, and we will disable any apps that are found to be malicious.”
Presumably by remotely killing them, because Google has no qualms about sticking its nose around your phone – for your own safety, of course.