Google has reversed a policy allowing Chrome extensions that use a computer’s CPU to mine cryptocurrency for the developer, so long as the extension complied with its rules about having a single, clearly understandable purpose and that it informed users about the mining.
Google says that 90 percent of all extensions with mining scripts uploaded to the Chrome Web Store didn’t meet these requirements and “have either been rejected or removed from the store”.
Cryptojacking, or surreptitiously hijacking a browser to mine a cryptocurrency, has become a growing problem on the web. Breached sites, tech support scam sites and browser extensions have gotten in on the act often by embedding the popular Coinhive mining script that mines Monero, a Bitcoin alternative that requires less computational power to generate coins. Cryptojacking has grown in popularity with a massive rise in Bitcoin's price that dragged other cryptocurrencies up with it.
Some sites such as The Pirate Bay and Salon have also adopted Coinhive to monetize visitors who use ad-blockers. Though Coinhive’s developers said usage examples like The Pirate Bay and Salon was its intended purpose, the browser script been widely abused by sites that don’t ask users for permission.
In December it was found that a popular Chrome extension called Archive Poster, an add-on for reposting Tumbler pages with over 100,000 users, had included a hidden Coinhive miner.
Chrome-based Opera has included cryptojacking script blockers in recent versions of the browser, but Google’s policy shift will have a bigger impact because Chrome is the most widely used browser with over a billion users.
Google’s fumigation of all crypto-mining extensions in the Chrome Web Store will happen over the next two months.
"Starting today, Chrome Web Store will no longer accept extensions that mine cryptocurrency. Existing extensions that mine cryptocurrency will be delisted from the Chrome Web Store in late June. Extensions with blockchain-related purposes other than mining will continue to be permitted in the Web Store,” James Wagner, a Google extensions platform product manager said.
“The extensions platform provides powerful capabilities that have enabled our developer community to build a vibrant catalog of extensions that help users get the most out of Chrome. Unfortunately, these same capabilities have attracted malicious software developers who attempt to abuse the platform at the expense of users.
“This policy is another step forward in ensuring that Chrome users can enjoy the benefits of extensions without exposing themselves to hidden risks.”