Google Expands Moat Around Extensions for the Chrome Browser

by Ostatic Staff - May. 18, 2015

A couple of years ago, Google declared war on extensions for the Chrome browser not hosted on the Chrome Web Store. As the Chromium blog made clear: "Many services bundle useful companion extensions, which causes Chrome to ask whether you want to install them (or not). However, bad actors have abused this mechanism, bypassing the prompt to silently install malicious extensions that override browser settings and alter the user experience in undesired ways, such as replacing the New Tab Page without approval."

Now, after working in phases to steer most Chrome users to getting extensions on the official Web Store, Google has dropped the hammer and is requiring all extensions to originate from the Chrome Web Store for all builds of the Windows browser. Developers and Mac users are also affected.

As Beta News notes:

"With immediate effect, those on the developer channel will have to install extensions from the Store, and the policy will be applied to the Mac version of Chrome in a few weeks...Google says that since making it more difficult for most people to install non-store hosted extensions, the company has seen requests for help with 'unwanted add-ons' drop by 75 percent."

According to a Google post:

"We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out. Unfortunately, we’ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions. Affected users are left with malicious extensions running on a Chrome channel they did not choose. As such, starting today we will begin enforcing this policy on all Windows channels. Mac will soon follow, with enforcement for all channels beginning in July 2015."

  Google has been moving more and more of the Chrome ecosystem toward the Chrome Web Store, where it can have more control than it otherwise would. We are quickly moving toward versions of Chrome for which you can only install extensions from the Chrome Web Store. While that may boost security, it's not an exactly an open extension model. In case you've missed some of the similar moves that Mozilla is making with Firefox, check our previous post.