Feeds

Google Chrome: Extensions now ONLY from the Company Store

St Peter don't you call me, 'cause I can't go

Boost IT visibility and business value

The walls around the garden of Google's Chrome browser are about to get a little higher, thanks to upcoming changes to how developers are allowed to distribute browser extensions to users on Windows.

Beginning in January, the Windows version of Chrome will no longer be able to add extensions from any site other than Google's own Chrome Web Store. In fact, for the most part it will even refuse to install them from the local drive.

The Chocolate Factory has been slowly buttoning down its Chrome extension policies for the last few years. Initially, extensions could be installed from anywhere on the web, just by pointing the browser at the right URL. But beginning with Chrome 21 in 2012, Google established a policy that only URLs pointing to the Chrome Web Store are valid for extension installs.

In Chrome 21 and later, including current builds, users can still install extensions from other sites if they download the files to their desktops, manually drag them to the browser's Extensions window, then click OK in a dialog box to confirm they know what they're doing. But come January, even this won't be an option for either the stable or developer branches.

According to a blog post by Chrome engineering director Erik Kay, that's because too many extension writers have been figuring out ways to evade Chrome's security measures and silently install adware or other malicious code into unsuspecting users' browsers – something Kay says is a leading cause of complaints from Chrome users on Windows.

"Since these malicious extensions are not hosted on the Chrome Web Store, it's difficult to limit the damage they can cause to our users," Kay explains.

So, no more. Beginning with what will probably be Chrome 33 (Google doesn't set fixed dates for Chrome releases, so it's hard to be sure of the version number), extension developers will need to host their wares in the Chrome Web Store, whether the extensions are intended for a wide audience or just a few users.

That doesn't mean they have to charge for their extensions, or even let the general public know they exist.

"There will be no impact to your users, who will still be able to use your extension as if nothing changed," Kay explains. "You could keep the extensions hidden from the Web Store listings if you like."

For those developers who really, really want to use their own websites as the primary source to download their extensions, Google offers a feature called Inline Installation that allows outside sites to make it seem as if extensions are being installed from their own pages, even though the actual extension files are hosted by the Chrome Web Store. This will still be supported after the policy change.

Also, the new rules won't interfere with enterprises that have set up group policies to allow Chrome to install extensions from their own servers. It's strictly meant to stem malicious downloads from the open internet.

Finally, a Chrome browser that has been put into developer mode will still be able to load unpacked extensions from the local drive – just not packed .crx files. This may be the best option for people, such as this Reg hack, who occasionally write one-off Chrome extensions for obscure purposes.

Otherwise, developers who want their extensions to reach Chrome users had better familiarize themselves with the workings of the Chrome Web Store, pronto, because there are only a few weeks left before the change goes live. A guide on how to publish extensions, themes, and apps to the store is available here. ®

5 things you didn’t know about cloud backup

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Microsoft boots 1,500 dodgy apps from the Windows Store
DEVELOPERS! DEVELOPERS! DEVELOPERS! Naughty, misleading developers!
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.