Google has finally decided to use machine learning techniques as an expansion of abuse protection to reduce harm to Chrome users. The search giant will upgrade its automated inline installation abuse detection features to find out malicious extensions.
Despite the fact that Google already has an extension-level protection, it will now consolidate machine learning to monitor each inline installation request for bad signals in ads and web pages. Once Chrome detects the signals, it will selectively disable the request and redirect users to the extension page on the Web Store. This will ensure that inline installation of the extension from non-deceptive sources is not affected.
Introduced in 2011, the inline installation essentially allows users to conveniently install extensions from developers’ websites. before inline installation, when a user visited a particular website they had to navigate away in order to download an app or extension. However, after Google Chrome 15, users did not have to leave the site. But unfortunately, the mechanism has been abused by attackers to trick users into downloading malicious extensions.
Back in 2015, Google had started to disable inline installations in Chrome due to the cases of misleading or deceptive install flows. As a result, Google claims, “User complaints have been reduced by 65 percent since the start of this disabling initiative. Fewer than 3 percent of extensions still engage in these deceptive or confusing install flows.”
According to Google, these few extensions generate 90 percent more user complaints on an average than the remaining extensions on the Chrome Web Store. The automated enforcement system is in place to be responsive to user feedback.
Developers can view the FAQs posted by Google to help them understand the new policy. The company has said that the expanded protections will be releasing starting in a few weeks.