



Chrome extensions have been under heavy scrutiny over the past couple of years due to security risks, but Google is looking to change that with upcoming granular permission controls. This is a huge step forward for extension security.

Basically, this is a similar take on Android’s granular permissions controls, just for Chrome browser extensions. The biggest problem with extensions—at least from a security standpoint—is their essentially universal ability to read, write, and change data on websites. With this upcoming feature, you’ll be able to control when and how extensions can read and write data.

You’ll be able to specify when an extension can read and change data on a particular website with what appears to be three primary options: when you click the extension, on the specific website, or on all websites. While the last option will allow the extension to function the same way the system currently works, the first two will disallow the extension from acting outside of the policy you set, essentially sandboxing the extension’s access within the set parameters.
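To see which of those three levels an installed extension is asking for in the first place, the sketch below classifies the site access requested in its `manifest.json`. It is an added example, not code from Google or from this article; the mapping of `activeTab`, specific match patterns, and `<all_urls>`-style patterns onto "on click", "specific site", and "all sites" is an assumption, and the sample manifests are constructed.

```javascript
// Added example. Patterns that match every site ("all websites" in the article).
const BROAD = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

// Host match patterns look like scheme://host/path; other strings are API names.
function isHostPattern(p) {
  return p === "<all_urls>" || /^(\*|https?|file|ftp|wss?):\/\//.test(p);
}

// Broad means the host part is a bare "*" (or the pattern is <all_urls>).
function isBroad(p) {
  if (BROAD.has(p)) return true;
  const m = /^[^:]+:\/\/([^/]*)\//.exec(p);
  return m !== null && m[1] === "*";
}

// Assumed mapping of manifest requests onto the article's three options.
function classifySiteAccess(manifest) {
  const declared = [
    ...(manifest.permissions || []),        // Manifest V2 mixes hosts and API names
    ...(manifest.host_permissions || []),   // Manifest V3 lists hosts separately
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ];
  const hosts = [...new Set(declared.filter(isHostPattern))];
  const broad = hosts.filter(isBroad);
  const specific = hosts.filter((h) => !isBroad(h));
  const onClick = declared.includes("activeTab");
  let level = "none";
  if (broad.length > 0) level = "all-sites";
  else if (specific.length > 0) level = "specific-sites";
  else if (onClick) level = "on-click";
  return { level, broad, specific, onClick };
}

// Constructed sample manifests (not real extensions).
const samples = {
  readEverything: { permissions: ["tabs", "<all_urls>"] },
  oneSite: { permissions: ["storage", "https://mail.example.com/*"] },
  clickOnly: { permissions: ["activeTab", "storage"] },
  hiddenBroad: {
    permissions: ["storage"],
    content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
  },
};

for (const [name, manifest] of Object.entries(samples)) {
  console.log(name, JSON.stringify(classifySiteAccess(manifest)));
}
```

The `hiddenBroad` case shows why content script `matches` need checking as well: an extension can reach every page without listing a broad pattern under `permissions`.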

To take this a step further, Google will also put a bigger focus on scrutinizing extensions that request “powerful permissions” and use remotely-hosted code. In short, control for extensions—both on the user front and for Google—is going to get a lot tighter.

There are also some changes being made on the developer end—the Chrome Web Store will no longer allow extensions with obfuscated code, developers will be required to enable 2FA on their accounts starting in 2019, and more. For details on that, you can take a look at the Chromium developer blog.

The real meat and potatoes here is the granular controls on the consumer front. This will be available starting in Chrome 70, which is already available through the beta channel. The feature hasn’t yet been enabled, but Google will likely flip the switch in an upcoming update.

