Google will require extensions for its Chrome browser to be installed from its Web Store, a move intended to stop users from inadvertently installing malicious ones.

Google has gradually been changing its policy around extensions to prevent abuse. Last year, it mandated that all Chrome extensions for Windows be hosted in its store, wrote Jake Leichtling, an extensions platform product manager.

The change caused a 75 percent drop in requests from customers asking how to uninstall unwanted extensions, he wrote. It did not apply to the Windows developer channel, but hackers are now using that in order to install extensions, he wrote. Starting Wednesday, all extensions for Windows will have to be hosted in the store, and the same will apply to OS X in July.


Google automatically analyzes extensions for malicious behavior. Most are then published, although some may be held for manual review. It bans extensions that interfere with advertisements, for example, or are spammy.

For development purposes, Google will still allow extensions to be installed locally, as well as forced installs using a group policy for enterprises, Leichtling wrote.

To not disrupt users’ experiences, Google also allows so-called inline installations, where a user appears to install an extension directly from a website, but it is actually hosted at the Web Store.




Post a Comment