Why Google Plans To Block Non-Web-Store Extensions

Chrome: From next year, Google will block the installation of browser extensions that don’t come from the Chrome Web Store. While this change officially affects only Windows users, in reality that means few extensions will be able to attract an audience without being in the store.

The change is intended to stop extensions from installing silently and changing users’ configuration without letting them know. Chromium engineering director Erik Kay explained the logic in a blog post:

Since these malicious extensions are not hosted on the Chrome Web Store, it’s difficult to limit the damage they can cause to our users. As part of our continuing security efforts, we’re announcing a stronger measure to protect Windows users: starting in January on the Windows stable and beta channels, we’ll require all extensions to be hosted in the Chrome Web Store. We’ll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally.

While the restriction only applies to Windows, Chrome extensions are rarely platform-specific, which means any serious extension developer will have to offer the store as an option, even if they also include non-Web Store versions for Mac and Linux.

Protecting Windows users from malicious extensions [The Chromium Blog]


    • Someone will find a way to get around it for sure; kind of like jailbreaking… your browser. But yeah, this is kinda irritating.

    • Internet Download Manager has an extension for Chrome and they will have it on the Chrome store, even download 1080p videos

  • This is Google trying to control you even more. There is no legitimate reason why a “store” needs to be involved in security. If harmful extensions can install themselves onto the Chrome browser silently, then that’s a big problem with Chrome’s security. Yet another reason to stay away from Chrome, and Google.

  • Wut? The current system works fine — if you try and install a non-webstore extension just by opening it, it blocks it. To install it, you have to open the extensions page and manually drag and drop it in there. This stops malicious and stupid users from installing crap, but lets more advanced users install stuff (like the YouTube downloader etc.)

    If this is happening in Chrome, will it only be a matter of time before we see the end of sideloading apps on Android?

    • I think this is to add a second level of authentication for what extensions are installed. While it does already provide some security within the browser where the user has to manually install the extension, there is malware out there that automatically installs itself into Google Chrome. By having the extensions all on the store, Chrome will be able to check if that is in fact a valid extension before allowing it. This will (hopefully) eliminate malware sneaking its way into the browser.

      • I never realised you could “sneak” malware onto Chrome without manually installing it yourself.

        I hope it’s as @shithead said, in that you can just turn on developer mode and install third party extensions again.
