Feeds

Google Chrome: Extensions now ONLY from the Company Store

St Peter don't you call me, 'cause I can't go

Choosing a cloud hosting partner with confidence

The walls around the garden of Google's Chrome browser are about to get a little higher, thanks to upcoming changes to how developers are allowed to distribute browser extensions to users on Windows.

Beginning in January, the Windows version of Chrome will no longer be able to add extensions from any site other than Google's own Chrome Web Store. In fact, for the most part it will even refuse to install them from the local drive.

The Chocolate Factory has been slowly buttoning down its Chrome extension policies for the last few years. Initially, extensions could be installed from anywhere on the web, just by pointing the browser at the right URL. But beginning with Chrome 21 in 2012, Google established a policy that only URLs pointing to the Chrome Web Store are valid for extension installs.

In Chrome 21 and later, including current builds, users can still install extensions from other sites if they download the files to their desktops, manually drag them to the browser's Extensions window, then click OK in a dialog box to confirm they know what they're doing. But come January, even this won't be an option for either the stable or developer branches.

According to a blog post by Chrome engineering director Erik Kay, that's because too many extension writers have been figuring out ways to evade Chrome's security measures and silently install adware or other malicious code into unsuspecting users' browsers – something Kay says is a leading cause of complaints from Chrome users on Windows.

"Since these malicious extensions are not hosted on the Chrome Web Store, it's difficult to limit the damage they can cause to our users," Kay explains.

So, no more. Beginning with what will probably be Chrome 33 (Google doesn't set fixed dates for Chrome releases, so it's hard to be sure of the version number), extension developers will need to host their wares in the Chrome Web Store, whether the extensions are intended for a wide audience or just a few users.

That doesn't mean they have to charge for their extensions, or even let the general public know they exist.

"There will be no impact to your users, who will still be able to use your extension as if nothing changed," Kay explains. "You could keep the extensions hidden from the Web Store listings if you like."

For those developers who really, really want to use their own websites as the primary source to download their extensions, Google offers a feature called Inline Installation that allows outside sites to make it seem as if extensions are being installed from their own pages, even though the actual extension files are hosted by the Chrome Web Store. This will still be supported after the policy change.

Also, the new rules won't interfere with enterprises that have set up group policies to allow Chrome to install extensions from their own servers. It's strictly meant to stem malicious downloads from the open internet.

Finally, a Chrome browser that has been put into developer mode will still be able to load unpacked extensions from the local drive – just not packed .crx files. This may be the best option for people, such as this Reg hack, who occasionally write one-off Chrome extensions for obscure purposes.

Otherwise, developers who want their extensions to reach Chrome users had better familiarize themselves with the workings of the Chrome Web Store, pronto, because there are only a few weeks left before the change goes live. A guide on how to publish extensions, themes, and apps to the store is available here. ®

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.