The Chrome browser is seen as one of the safest browsers around. With its sandboxing technology and other protection strategies, it’s quite safe to browse the web with Chrome.
After the Firefox guys discovered a plugin that steals passwords, the world was shown another possibility hackers will try to exploit to get into your computer. Obviously, people using plugins downloaded from the plugin directory managed by Mozilla itself expect that these plugins are not malicious. They are of course scanned by virus scanners and such before placement, but for new ‘spyware’ this of course cannot be foolproof unless all the source code of the plugin is read by a developer (which would cost too many hours).
But Chrome is super safe, right? No such thing is possible with Chrome? Of course it is, as a hacker showed today. For developers, the reason why this is possible is obvious. And it is also obvious that it cannot possibly be prevented unless, again, someone studies the entire source of the plugin/extension. And even then a few ‘evil’ ones may slip through the cracks.
The safety of the plugins you install is the responsibility of the user. You should not install plugins that are from unknown developers, new and hardly used. It is bad practice. After this incident, more will be done to prevent it. I can imagine building some kind of ‘quarantine period’ in which a plugin only randomly appears in the downloads and is monitored for incoming and outgoing traffic by the browser (this can be done). Still, that would take a lot of man-hours to actually pull off. Crowdsourcing is another option: just have volunteers test the plugins thoroughly first; there are probably plenty of people willing to help.
Are you worried or can you think of solutions? Feel free to comment!