New issue
Advanced search Search tips

Issue 625888 link

Starred by 19 users
Status: Assigned
Owner:
rdevlin....@chromium.org
Cc:
rdevlin....@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

Disable All Extensions On Certain Domain Names/Sites

Reported by arpitnex...@gmail.com, Jul 5 2016 
PRIVACY ISSUE
Currently, If an installed extension has <all_urls>, http://*?* and https://*/* permissions, it can run on all of the web pages. These permissions enable extensions to be more useful. But, on the other hand, a malicious extension can track user's activities, and log private and financial data.

I've noticed that extensions are not allowed on Chrome Web Store web pages. Chrome team could expand this for other websites, where users can "whitelist" certain websites on which no extension is allowed to execute its content scripts even if has <all_urls> permission.

I understand that there is incognito mode where extensions are disabled by default, but still, such an option would be better.

REPRODUCTION STEPS
N/A

Comment 1 by battre@chromium.org, Jul 6 2016

Components: Platform>Extensions
Labels: Type-Feature

Comment 2 by sabineb@chromium.org, Jul 7 2016

Cc: rdcronin@chromium.org

Comment 3 by rdevlin....@chromium.org, Jul 8 2016

Cc: -rdcronin@chromium.org rdevlin....@chromium.org
Status: Available (was: Untriaged)
We've thought about this.  Right now, the closest solution is to enable the flag chrome://flags/#extension-active-script-permission, which makes extensions requiring all urls require user consent (and gives options for "always run on this site", etc).  Note that it's still experimental and in development, and has some very rough UI edges.  But it should serve the purpose of giving you more control over when extensions act.

It's possible that we'll also provide a blacklisting functionality to disallow all extensions from acting on certain sites as part of the same project (I think the canonical bug is issue 362353).  If we don't, it's unlikely we'll get to this separately any time in the future.  Marking as available in case someone else is ambitious enough to take this on separately.

Comment 4 by j...@tfsit.com, Mar 7 2017 

please

Comment 5 by elawrence@chromium.org, Sep 18 2017 

 Issue 766147  has been merged into this issue.
Project Member

Comment 6 by sheriffbot@chromium.org, Sep 19

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by karandeepb@chromium.org, Sep 29

Owner: rdevlin....@chromium.org
Status: Assigned (was: Untriaged)
Devlin: I think this is sort of fixed with runtime host permissions. Assigning this to you, so you can triage this appropriately.

Sign in to add a comment