Google is tightening up protections in Chrome against malware that targets macOS devices over the web.
Google has been restricting sneaky attempts to change Chrome settings on Windows for several years, and the company will now bring those same restrictions to Chrome on macOS devices as part of an effort to tackle malware and ad-injectors that target Apple’s desktop platform.
There are two parts to Google’s plan to counter macOS-specific malware. The first is the recently released Chrome Settings API for Mac, which arrived with Chrome 56. The second component is Google’s Safe Browsing technology, which displays in-browser warnings when users attempt to visit a known shady site.
As Google explains, the Settings Overrides API offers a way for extensions to override selected Chrome settings. However, it is meant to do so in a way that allows users to stay in control of their Chrome settings.
In future, the API for Mac will be the “only approved path for making changes to Chrome settings on Mac OS X, like it currently is on Windows”, Google says. It introduced these restrictions for Chrome on Windows in 2014.
Additionally, Google reminds developers that the only extensions that are allowed to make changes to Chrome settings are those hosted in the Chrome Web Store.
Google will use Safe Browsing to warn users off any software that attempts to bypass these rules.
Safe Browsing will target any attempt to inject ads into webpages, as well as attempts to change Chrome’s start page, homepage, and the default search engine.
“Starting March 31 2017, Chrome and Safe Browsing will warn users about software that attempts to modify Chrome settings without using the API,” Google says.
Because of these changes, Google warns that macOS users may start seeing more warnings that the site they’re trying to visit may be dangerous or could lead to installing a dangerous program.
This latest effort follows rules that Google introduced in 2015 to prevent Chrome users on Windows and Mac from install extensions outside of the Chrome Store.
Read more about Google Chrome
Source: SANS ISC SecNewsFeed @ March 2, 2017 at 08:00AM