alt Hacker NewsMy comment was sarcasm.
The difference here is are you downloading a random dll from a well known source or from http://free-vpn-fast-internet.dwnloadfree.ru/free-chrome-vpn...? My mom isn't going to know the difference and will click the big green DOWNLOAD NOW button blindly.
Replies
My heavily downvoted comment was also a sarcasm.
So here's the dilemma:
- People are afraid of plugins "in the wild". People need some kind of centralized, managed "extension store"
- People complains about store policy like Manifest V3
I don't think a single mechanism can please both crowds.
And what's worse? Google doesn't actually care about the security of the the "store". Scam extensions are everywhere. The "audit process" are minimal, customer/developer service are essentially none, and Google only enforce rules that affect their ads business.
But that's not a difference, is it? Can't Windows enforce that DLLs have to be signed just like extensions?