Quoting Think Twice Before Installing Any Chrome Extension (Arpit Kumar for TechRaga).
These extensions are not checked by Google for possible malicious behaviour. ... The most unfortunate thing is that the Chrome team has no intention to implement an approval process for the items available at Web Store. I raised this issue earlier, but then the Chrome team said, “We’ve purposely avoided having a pre-review process for the extensions gallery / Chrome Web Store.”.I wonder if some kind of community-driven process could be instituted for this.Thankfully, Mozilla is much careful about the Firefox users – and all add-ons are tested manually before they go public on AMO. Certainly, it takes long time to get approved but this ensures best and safe user experience.
2 comments:
I think Chrome has security sandbox for extensions,
FF doesn't have one.
Arn is correct. The primary reason for this is that Chrome allows for "limited access" extensions, whereby the user is notified before install of the acces rights the extension needs in order to operate, whereas a Firefox XUL extension always has the rights to do just about anything, hence a security check is pretty important. Some firefox extensions use the next gen "Jetpack" framework which is more Chromelike in it's operation, but it's nice to know that they will keep the older XUL framework around so that extension authors can do stuff the firefox authors haven't built an API for, and may not ever, if it doesn't conform to their aesthetic. Chrome just doesn't let you do certain things with extensions, often because those things have been abused in the past on other browsers.... (eg toolbar installers)
Post a Comment