Rogue add-ons are often distributed outside the web store

We knew it was coming, and today it is so: Chrome users on Windows can no longer install extensions or apps from outside the Chrome Web Store.

Not that most would want to.

Google say the restriction, which is only limited to Windows users on the stable and beta channels, will protect users from malicious and unwanted extension installs.

While it’s not a hugely widespread occurrence there are websites that prompt users visiting from Chrome to install an extension (with widely permissive access) to unlock features or functionality.  Other common hijacks, particularly those infamous for changing the default search engine, happen through automatic opt-ins bundled into desktop application installers.

But as of today that’s all change, as Google explains :

“From now on…extensions can be installed only if they’re hosted on the Chrome Web Store. Extensions that were previously installed may be automatically disabled and cannot be re-enabled or re-installed until they’re hosted in the Chrome Web Store.”

As mentioned in our opening salvo, this change has been in the offing for some time meaning that today’s enforcement should not come as a surprise to most developers. Local extension installs are permitted, so development workflows are not affected. Add-on makers are encourage to submit their extensions to the Chrome Web Store. 

For most, this change will have few downsides and is unlikely to impinge on the user experience to any great degree. If anything, the impact of the restrictions is likely to be beneficial as Google will disable many extensions installed in this underhanded manner, meaning many will once again have a browser that works the way it was intended to.

Restrictions on the type of extensions Google will accept into the store are due to take effect next month.

Google Chrome News chrome web store google security