Oh my God, they killed HPKP!

This week Google went ahead and removed support for HTTP Public Key Pinning (HPKP) from Chromium after some initial stumbles. The change was committed and tagged for Chromium 72.0.x and can now be observed by users of Chrome Canary.

Chrome Web Store – Your new one stop shop for malware and spam

While installing some apps and extensions from the Chrome web store I noticed that there were a few well known products delivered by developers totally unknown to me (and Google search). LastPass, AVG AntiVirus, Snapchat, Viber and others were available sporting their trademark name and logo, but from publishers without any affiliation with the actual brand.