Google cracks down on Chrome extensions
Google will block third-party browser extensions that aren’t hosted in the Chrome Web Store, in order to battle malware.
Extensions are the small tools that can be installed in Chrome to let you easily post to a social network, or track news, for example.
However, Google notes that some developers have “abused” the installation process, and “silently install malicious extensions that override browser settings and alter the user experience in undesired ways, such as replacing the New Tab Page without approval”.
Engineering director Erik Kay said in a Chrome blog post that such extensions are a leading cause of complaint from Windows users.
“Since these malicious extensions aren’t hosted on the Chrome Web Store, it’s difficult to limit the damage they can cause to our users,” Kay said.
Since these malicious extensions aren’t hosted on the Chrome Web Store, it’s difficult to limit the damage they can cause to our users
As a result, from January all extensions for Windows users must be hosted in the Chrome Web Store. The new rule applies only to stable and beta channels, so those on the developer preview of the browser will still be able to install as they choose.
“We’ll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally,” Kay added.
“If your extensions are currently hosted outside the Chrome Web Store, you should migrate them as soon as possible,” Kay added. “There will be no impact to your users, who will still be able to use your extension as if nothing changed.”
Google suggested it wasn’t trying to fill up the Chrome Web Store, saying it’s possible to keep an extension hidden from general listings if it’s not for wider use.