Feeds

Google Chrome: Extensions now ONLY from the Company Store

St Peter don't you call me, 'cause I can't go

Application security programs and practises

The walls around the garden of Google's Chrome browser are about to get a little higher, thanks to upcoming changes to how developers are allowed to distribute browser extensions to users on Windows.

Beginning in January, the Windows version of Chrome will no longer be able to add extensions from any site other than Google's own Chrome Web Store. In fact, for the most part it will even refuse to install them from the local drive.

The Chocolate Factory has been slowly buttoning down its Chrome extension policies for the last few years. Initially, extensions could be installed from anywhere on the web, just by pointing the browser at the right URL. But beginning with Chrome 21 in 2012, Google established a policy that only URLs pointing to the Chrome Web Store are valid for extension installs.

In Chrome 21 and later, including current builds, users can still install extensions from other sites if they download the files to their desktops, manually drag them to the browser's Extensions window, then click OK in a dialog box to confirm they know what they're doing. But come January, even this won't be an option for either the stable or developer branches.

According to a blog post by Chrome engineering director Erik Kay, that's because too many extension writers have been figuring out ways to evade Chrome's security measures and silently install adware or other malicious code into unsuspecting users' browsers – something Kay says is a leading cause of complaints from Chrome users on Windows.

"Since these malicious extensions are not hosted on the Chrome Web Store, it's difficult to limit the damage they can cause to our users," Kay explains.

So, no more. Beginning with what will probably be Chrome 33 (Google doesn't set fixed dates for Chrome releases, so it's hard to be sure of the version number), extension developers will need to host their wares in the Chrome Web Store, whether the extensions are intended for a wide audience or just a few users.

That doesn't mean they have to charge for their extensions, or even let the general public know they exist.

"There will be no impact to your users, who will still be able to use your extension as if nothing changed," Kay explains. "You could keep the extensions hidden from the Web Store listings if you like."

For those developers who really, really want to use their own websites as the primary source to download their extensions, Google offers a feature called Inline Installation that allows outside sites to make it seem as if extensions are being installed from their own pages, even though the actual extension files are hosted by the Chrome Web Store. This will still be supported after the policy change.

Also, the new rules won't interfere with enterprises that have set up group policies to allow Chrome to install extensions from their own servers. It's strictly meant to stem malicious downloads from the open internet.

Finally, a Chrome browser that has been put into developer mode will still be able to load unpacked extensions from the local drive – just not packed .crx files. This may be the best option for people, such as this Reg hack, who occasionally write one-off Chrome extensions for obscure purposes.

Otherwise, developers who want their extensions to reach Chrome users had better familiarize themselves with the workings of the Chrome Web Store, pronto, because there are only a few weeks left before the change goes live. A guide on how to publish extensions, themes, and apps to the store is available here. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.