After a policy that previously permitted them, Google has decided to remove any and all Chrome extensions that mine for cryptocurrencies after finding that too many developers didn't play by the company's rules.

Google allowed Chrome extensions that performed mining with the proviso that the extensions clearly disclosed that they performed mining and performed no activity but mining. About 10 percent of extensions that mined within the browser followed these rules, but some 90 percent didn't. Instead, they mined surreptitiously, driving up people's electricity bills and running down their batteries without any informed consent on the user's behalf.

In response to this continued misbehavior, Google has decided to ban any and all cryptomining extensions. Effective immediately, the Chrome Web Store will no longer accept any extensions that mine for cryptocurrencies and, starting in June, will remove any existing extensions that mine.

This is not the only change that Google has made recently to try to protect its browser from malicious developers. Since October last year, Chrome has bundled a cut-down version of the ESET anti-malware engine to detect and remove applications that mess with Chrome by, for example, hijacking search pages, installing unwanted Chrome extensions, or messing with the homepage.

Google also announced last year that Chrome was going to start blocking third-party applications from injecting code into the browser. While this is often done without malicious intent—anti-virus applications and video drivers, for example, both often do this to provide extra functionality—malware injected into the browser can steal passwords, track activity, and other undesirable actions. Injected programs also undermine the browser's stability.

Under the new injection policy, accessibility software and input method editors will continue to be permitted, but anything else will be blocked. The rollout of this change is being made in stages. Chrome 66, due in the next few days, will warn users that injected code has caused a crash; Chrome 68, due in July, will only allow injected code to run after showing a warning; and Chrome 72, due in January next year, will block injection entirely.