Mac users are to be better protected against malicious Chrome extensions, Google has announced.
A policy limiting Chrome extension installs to only those hosted on the Chrome Web Store is to come into effect across all stable, beta and developer channels beginning July 2015.
Don’t panic if that sounds a little heavy-handed. The majority of extensions the move will affect are the sort of extras you don’t knowingly install yourself.
Yep, most extensions installed from outside of the Chrome Web Store are done unwittingly thanks to distribution through app installer for other software (think toolbars, new tab pages, search engine replacements, etc).
Google introduced a similar safe-guard on Windows last year, a move which it says caused a 75% drop in help queries from Chrome users needing help to remove unwanted extensions.
Big Change for Windows, Too
Part of the policy extension will also affect the way Windows extension developers are able to test their code out locally, as this snippet in the announcement post details:
“We originally did not enforce [the policy of limiting extension installs to the Web Store] on the Windows developer channel in order to allow developers to opt out.”
“Unfortunately, we’ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions. Affected users are left with malicious extensions running on a Chrome channel they did not choose.”
Yikes!
Windows dev channel users will still be allowed to install local extensions (using the developer options in ‘chrome://extensions’) or by using an Enterprise policy (something a rogue add-on cannot use without your knowledge).
Phew!
In all these changes, restrictive or confusing though they may sound at first blush, will help ensure that using Chrome extensions is safer for all of us. Most of us only install extensions and apps from the Chrome Web Store and this announcement doesn’t change that.