Google has been making strides to protect users from malicious and fraudulent extensions. Earlier this year, the company announced the end of paid extensions on the Chrome Web Store, and today, the company is changing its privacy rules for Chrome extensions that will be put in place next year.
First off, Google is changing the way users grant extensions permission to access website data. Typically, if an extension requires access to data from visited pages, that access is granted for every website the user visits by default. Starting next year, extensions will only be granted permission to access data on a per-domain basis. There will still be the option to grant access to all website data, but that won't be the default.
Additionally, Google is adding a new "Privacy Practices" section to extension listings on the Chrome Web Store. These will provide at-a-glance information about what data the extension collects and how it's used. Google is also limiting how that data can be used by the extension. This change will roll out on January 18, and it should further protect users from malicious extensions.
Aside from the extension-focused changes, Google is promising to launch more protections for users through Enhanced Safe Browsing, a feature it announced earlier this year. This sends websites to Google to be checked for safety, but it's unclear how Google plans to expand on that. We'll have to wait for the company to share more details.