BETA
THIS IS A BETA EXPERIENCE. OPT-OUT HERE

More From Forbes

Google Reveals 2025’s Android Upgrade—Does This Beat Your iPhone?
Cyber Resilience: Sorry Vendors, It’s About Leadership, Not Tech!
Net Neutrality Is At Risk Again, And The Free Market Won’t Save Us
Microsoft Windows BitLocker Vulnerability Exposes Passwords—Act Now
How To Get Windows 11 For Free Before Windows 10 Support Ends
Microsoft’s Update Decision—Google Disappears On PCs, Androids, iPhones
Edit Story
ForbesInnovationCybersecurity

A New Web Store—Google’s Surprise Chrome Security Decision

Davey Winder
Senior Contributor
Opinions expressed by Forbes Contributors are their own.
Davey Winder is a veteran cybersecurity writer, hacker and analyst.
Following
Updated Jan 27, 2025, 05:50am EST

As Google Chrome users respond to yet another browser security update while others contemplate what to do as their update fails, there’s some good news to be had at last. Following a rash of worrying headlines involving the Chrome browser being used to bypass two-factor authentication protections by the use of extension hacking attacks, Google has made a surprise announcement in response: a brand new Chrome Web Store. But only for enterprise users. Here’s what you need to know.

ForbesHackers Target Google Cloud—What You Need To KnowBy Davey Winder

The Surprise Google Chrome Web Store Decision

The recent Chrome browser 2FA bypass attacks involved dozens of extensions being hacked and replaced with malicious versions that had the potential to impact millions of users. Call it a sophisticated phishing attack if you like, as social engineering was used to gain access to the various developer credentials required to make the extension switch, but one thing’s for sure: this was a security game-changer. At the time, Google’s Chrome security team said that less than 1% of extension installs from the Chrome Web Store were found to include malware and “before an extension is even accessible to install from the Chrome Web Store, we have two levels of verification to ensure an extension is safe.” Now, Google has taken a further step to help ensure this kind of attack doesn’t happen again.

In a surprise Jan. 23 posting, Hafsah Ismail, a product manager for Chrome Web Store and Extensions, alongside Maxime Martin, a product manager for Chrome Enterprise, confirmed the launch of a new Chrome Web Store for enterprise users. “We’re excited to announce powerful new features designed to give businesses greater control and visibility over their Chrome extension ecosystem,” the pair said, introducing “a curated Chrome Web Store experience for your end users.”

ForbesNew Security Alert—1 Billion Passwords Stolen By Malware, Act NowBy Davey Winder
MORE FOR YOU

Sudden Fed ‘Financial Crisis’ Fear Sparks Huge Bitcoin And Crypto Price Crash Prediction

Trump’s Tariffs Put On Hold After Colombia Agrees To ‘Unrestricted Acceptance’ Of Deported Migrants, White House Says

Another Ukrainian Brigade Is Disintegrating As It Deploys To Pokrovsk

The Curated Chrome Web Store Experience

Designed to provide businesses with a greater degree of control, as well as improved visibility, of their extension ecosystem, the new Chrome Web Store offers enhanced extension management capabilities. Google divides these capabilities into five categories:

  • Simplified access to allow users to more efficiently find and install pre-approved extensions directly from the Chrome Web Store landing page.
  • Enhanced security to promote these trusted extensions while minimizing the risk from potentially harmful ones being installed.
  • Increased productivity as users will only be able to use the specific, pre-approved, extensions they need in their roles.
  • Customizable interface to give admins greater control over the Web Store experience, including the curation of extension collections along with category-based controls.
  • Greater transparency through enabling admins to create custom block messages on Chrome extension detail pages for more visibility into usage policies, coming “early this year” according to Google.
ForbesGoogle ‘Perpetual Hack’ Attack Steals Passwords And 2FA—Act NowBy Davey Winder
Follow me on Twitter or LinkedInCheck out my website or some of my other work here
Davey Winder
Davey Winder
Following

Join The Conversation

Comments 

One Community. Many Voices. Create a free account to share your thoughts. 

Read our community guidelines .

Forbes Community Guidelines

Our community is about connecting people through open and thoughtful conversations. We want our readers to share their views and exchange ideas and facts in a safe space.

In order to do so, please follow the posting rules in our site's Terms of Service.  We've summarized some of those key rules below. Simply put, keep it civil.

Your post will be rejected if we notice that it seems to contain:

  • False or intentionally out-of-context or misleading information
  • Spam
  • Insults, profanity, incoherent, obscene or inflammatory language or threats of any kind
  • Attacks on the identity of other commenters or the article's author
  • Content that otherwise violates our site's terms.

User accounts will be blocked if we notice or believe that users are engaged in:

  • Continuous attempts to re-post comments that have been previously moderated/rejected
  • Racist, sexist, homophobic or other discriminatory comments
  • Attempts or tactics that put the site security at risk
  • Actions that otherwise violate our site's terms.

So, how can you be a power user?

  • Stay on topic and share your insights
  • Feel free to be clear and thoughtful to get your point across
  • ‘Like’ or ‘Dislike’ to show your point of view.
  • Protect your community.
  • Use the report tool to alert us when someone breaks the rules.

Thanks for reading our community guidelines. Please read the full list of posting rules found in our site's Terms of Service.