Google has announced some new business features that can help IT admins better manage Chrome browser extensions, a popular attack vector for cybercriminals. A curated Chrome Web Store experience is launching today for Enterprise workspaces that allows pre-approved extensions to be displayed on the landing page, making them easier for employees to find and install.
Companies can also promote other trusted add-ons that they have vetted, create groups for specific extensions, and customize the Chrome Web Store UI with company logos, imagery, and announcements. The aim is to prevent employees from installing potentially harmful browser extensions that pose a security risk — as seen in the phishing campaign reported in December that inserted malicious code into multiple Chrome extensions, including the Cyberhaven data security add-on.
More controls will be added for IT admins later this year, including a new Chrome Enterprise Core setting that will enable extensions to be removed from users’ systems remotely, and automatically block future downloads. Another feature, coming “early this year,” will let admins place custom messages on extension detail pages to provide more information about their compliance with workspace usage policies.
