Google, Apple, Microsoft and Mozilla team up to make extensions more secure
This week, W3C announced that it is launching the WebExtensions Community Group (WECG) in collaboration with several of the biggest tech companies. Apple, Google, Microsoft and Mozilla are teaming up to achieve better standardization of web extensions. This means that extensions for Chrome, Safari, Edge and Firefox will one day be safer and easier to create! The specific objectives of the community group are:
- Make it easy for developers to build extensions by specifying a consistent model and common core features, APIs, and permissions
- Describe an architecture that improves performance and is even more secure and resistant to abuse.
Using the model of existing extensions and APIs supported by Chrome, Microsoft Edge, Firefox, and Safari as a basis, we’ll start by working on a specification. We aim to identify common ground, bring implementations closer together and chart a course for future evolution.
W3 has explicitly stated that it isn’t trying to dictate exactly what developers can and can’t create with extensions. They will not specify, standardize or coordinate the signing or delivery of extensions either. They just want to encourage innovation while keeping user privacy and security the same across the board, and honestly, I totally agree! To achieve this, the work of the community group will be guided by a common set of HTML and W3C tag design principles such as user-centric, compatibility, performance, security, privacy, portability, maintainability and well-defined behavior.
We have seen that Google has put a lot of effort into removing malicious actor extensions and protecting users from installing malicious elements with its seal of approval for developers who respect user privacy and data and with Chrome 91 implementations using file scanning with Google Safe browsing as well. I can’t wait to see what will become of the combined efforts of the best sailors, even a year after this group was formed!