Google today announced it will block local Chrome extensions starting in January, but only on the Windows platform. This means that next year, Windows users will only be able to install extensions for the company’s browser from the Chrome Web Store.
The changes will affect both Chrome’s stable and beta channels on Windows. Google says it will continue to support local extension installs on its Dev and Canary channels, as well as installs via Enterprise policy. Chrome apps are not affected at all and will continue to be supported normally.
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
This is strictly a security move. Google says it is making the move in reaction to malicious Chrome extensions plaguing Microsoft’s desktop platform:
Many services bundle useful companion extensions, which causes Chrome to ask whether you want to install them (or not). However, bad actors have abused this mechanism, bypassing the prompt to silently install malicious extensions that override browser settings and alter the user experience in undesired ways, such as replacing the New Tab Page without approval. In fact, this is a leading cause of complaints from our Windows users.
Google says none of these malicious extensions are hosted on the Chrome Web Store, making it difficult for the company “to limit the damage they can cause to our users.” In other words, Google says it has no choice but to block local extensions, on Windows.
Google recommends that developers who have extensions hosted outside the Chrome Web Store migrate them “as soon as possible.” If developers don’t make the change, their users will not be able to install their extensions nor will they be able to keep using extensions that have already been installed.
This is not the first measure Google has made to fight malware in Chrome (see links below). Clearly the company is being forced to make more and more changes as criminals adjust their tactics accordingly. It’s a vicious cycle.
See also – Google Chrome 25 will disable silent extension installation, kill all such extensions retroactively and Google further secures Chrome against malicious extensions, will start malware download prompts next week
Top Image Credit: Miguel Saavedra