Google has announced a new approach in their fight against malware in Chrome on Windows – one that will restrict the way in which extensions are installed.
From January 2014 Windows users using Google Chrome on either the Stable or Beta channels will only be able to install extensions from the Chrome Web Store. Applications and other services will no longer be permitted to bundle or ‘silently install’ add-ons, either with or without a users consent.
Chrome on Mac and Linux will not be subject to the change.
Malware & Malicious Add-Ons
‘But isn’t this how things already work?’ you ask? Not quite.
While the Web Store remains the recommended place to get browser extras, software companies are able to bundle Chrome add-ons that are installed at the same time as their application.
Google do require that add-ons distributed in this way seek ‘confirmation’ from the user before installing, but some extensions, typically of the more malicious persuasion, have found a way around this, able to silently install within the browser without the user knowing.
It’s these rogue add-ons that Google has in its crosshairs with this change. Malicious add-ons often alter the user experience in, what Google describe as, “undesired ways, such as replacing the New Tab page without approval.”
‘Restricting extension install to only those available from the Chrome Web Store is a bold move…’
“Since these malicious extensions are not hosted on the Chrome Web Store,” they continue, “it’s difficult to limit the damage they can cause to our users.”
And so arrives today’s plan to tackle this loophole. Restricting extension install to only those available from the Chrome Web Store is a bold move – one that some will see as being overly parental – but it’s one that lets Google wrestle back control from the pedlars of malware, and for ability to better protect its users.
Support for installing local extensions (i.e., for development purposes) will remain possible, as will those managed through enterprise deployments.
But the days of installing a Windows app only to discover a new toolbar and search provider waiting for you in Chrome are, finally, coming to an end.