Submit A Tip Alternative Tip Form

Google To Stop Windows Users Installing Chrome Extensions From Outside Web Store

Google has announced a new approach in their fight against malware in Chrome on Windows – one that will restrict the way in which extensions are installed. 

From January 2014 Windows users using Google Chrome on either the Stable or Beta channels will only be able to install extensions from the Chrome Web Store. Applications and other services will no longer be permitted to bundle or ‘silently install’ add-ons, either with or without a users consent.

Chrome on Mac and Linux will not be subject to the change.

Malware & Malicious Add-Ons

‘But isn’t this how things already work?’ you ask? Not quite.

While the Web Store remains the recommended place to get browser extras, software companies are able to bundle Chrome add-ons that are installed at the same time as their application.

Google do require that add-ons distributed in this way seek ‘confirmation’ from the user before installing, but some extensions, typically of the more malicious persuasion, have found a way around this, able to silently install within the browser without the user knowing.

It’s these rogue add-ons that Google has in its crosshairs with this change. Malicious add-ons often alter the user experience in, what Google describe as, “undesired ways, such as replacing the New Tab page without approval.”

‘Restricting extension install to only those available from the Chrome Web Store is a bold move…’

“Since these malicious extensions are not hosted on the Chrome Web Store,” they continue, “it’s difficult to limit the damage they can cause to our users.”

And so arrives today’s plan to tackle this loophole. Restricting extension install to only those available from the Chrome Web Store is a bold move – one that some will see as being overly parental – but it’s one that lets Google wrestle back control from the pedlars of malware, and for ability to better protect its users.

Support for installing local extensions (i.e., for development purposes) will remain possible, as will those managed through enterprise deployments.

But the days of installing a Windows app only to discover a new toolbar and search provider waiting for you in Chrome are, finally, coming to an end. 

  • Josh Chambers

    There are plenty of extensions that aren’t malware that Google doesn’t want in its web store. I’m disappointed in this measure, I might switch back to Firefox.

    • http://GPlus.to/Abhisshack Abhisshack

      can you give me few example please, what kind of extension Google does not want in its web store

      • b2

        Adblockplus is at top on that list of unwanted extensions.

        • http://www.techmansworld.com/ Michael Hazell

          Google can try its hardest but if they removed AdBlock and/or AdBlock Plus there would be a huge backlash.

      • Ademola Oladipo

        ClipConverter addon was disabled. Very useful fpr me to convert youtube videos

  • JC

    This is bullshit. They are fully capable of closing whatever hole is being exploited. It’s clearly another step towards securing their middleman role in the growing web-app ecosystem.

    • http://www.live-craft.com/ Jonathan Alfonso

      I agree, but no need for the vulgarity.

  • harpaj

    This will most likely make Chrome unusable for me. Living in Germany, we have to use http://www.unblocker.yt/ to view a lot of youtube videos, which is not avaiable in the Web Store.

    • bqvtu

      they will probably just make their extension available in the web-store, google won’t block them just like they do it with youtube unblocker apps in google play

    • Will Palmer

      Maybe “Hola Better Internet” would be a solution for you, as it is for me when accessing UK and US content in France.

    • nelson

      Just make a bookmark to that site

  • Will Palmer

    Maybe this would help the problem by bypassing the plugins which make some extensions usable on only one chrome platform (OSX, Windows, Chromebook). I’m tired of using certain extensions one computer and not another.

  • R2D221

    Even though some comments are pessimistic about this new feature, I actually thing it’s a good thing. I’ve come across many computers with some “Incredibar” extension installed, which a well known malware. Maybe it will make no difference for me, but for my non-expert friends, this will help them stay safer in the web.

    • Ryan Hoots

      And if you aren’t smart enough to avoid malware, you probably don’t have the desire to install addons anyways.

    • http://www.techmansworld.com/ Michael Hazell

      The only thing that sucks is loading extensions such as LastPass in binary form. You wouldn’t be able to import passwords from Chrome anymore unless LastPass found a way around this.

      Maybe Google can make a signed extension verification program so that extensions can be side loaded for legit reasons?

  • Mathspy

    No worries my friends.
    As we always know, what they do we can rotate around.
    People will find another way to install extensions outside the Store.

  • nelson

    Well fuck snap.do

  • Guest

    As long as I can install .crx files from my hard drive, I’m fine.

  • Devon Garber

    I’m confused, can I still install .crx files I downloaded?

    • http://GPlus.to/Abhisshack Abhisshack

      probably not

      • Daniel Smith

        I don’t see why not. This is where applications were installing crappy extensions into Chrome (looks at Norton).

    • jsebean

      Yes, by checking off developer and dragging the extension to install in chrome it will install like always. This just prevents extensions installed by Windows apps.

  • brijeshb42

    On that note please try and install this Chrome App https://sourceforge.net/projects/tv-show-chrome/

  • Patrick Howard

    My guess is that you can still install .crx flags in Chrome by enabling a flag of some sort.

  • thinktank

    i use linux any way

  • kzahel

    I wrote an extension that does simple heuristic scanning of your installed extension and categorizes them according to their “risk level” – it’s just one tool that might help you browse a little safer. Get it at https://chrome.google.com/webstore/detail/privacy-guard/edcajbacgdcdeecojhlllbgingbjfbmk

  • Jenny Fletcher

    I logged on to my laptop yesterday to find that Google had, without any warning or permission, disabled my Pingler extension and would not allow me to re-enable it. I had to go to the Pingler site to find out why this had happened, and they re-directed me here for the explanation. This is quite unacceptable for a completely harmless extension. I am having a lot of problems trying to get Pingler re-enabled now, because their support person seems unable to understand the problem that Google have caused and how it is preventing me installing the newer version of the extension which is what they insist I can do, and have now told them three times that it isn’t possible.

  • blaise

    Silent Install Works again in Latest Versions of Google Chrome.
    http://youtu.be/i93hgOt5PRY