Feeds

Google Chrome: Extensions now ONLY from the Company Store

St Peter don't you call me, 'cause I can't go

High performance access to file storage

The walls around the garden of Google's Chrome browser are about to get a little higher, thanks to upcoming changes to how developers are allowed to distribute browser extensions to users on Windows.

Beginning in January, the Windows version of Chrome will no longer be able to add extensions from any site other than Google's own Chrome Web Store. In fact, for the most part it will even refuse to install them from the local drive.

The Chocolate Factory has been slowly buttoning down its Chrome extension policies for the last few years. Initially, extensions could be installed from anywhere on the web, just by pointing the browser at the right URL. But beginning with Chrome 21 in 2012, Google established a policy that only URLs pointing to the Chrome Web Store are valid for extension installs.

In Chrome 21 and later, including current builds, users can still install extensions from other sites if they download the files to their desktops, manually drag them to the browser's Extensions window, then click OK in a dialog box to confirm they know what they're doing. But come January, even this won't be an option for either the stable or developer branches.

According to a blog post by Chrome engineering director Erik Kay, that's because too many extension writers have been figuring out ways to evade Chrome's security measures and silently install adware or other malicious code into unsuspecting users' browsers – something Kay says is a leading cause of complaints from Chrome users on Windows.

"Since these malicious extensions are not hosted on the Chrome Web Store, it's difficult to limit the damage they can cause to our users," Kay explains.

So, no more. Beginning with what will probably be Chrome 33 (Google doesn't set fixed dates for Chrome releases, so it's hard to be sure of the version number), extension developers will need to host their wares in the Chrome Web Store, whether the extensions are intended for a wide audience or just a few users.

That doesn't mean they have to charge for their extensions, or even let the general public know they exist.

"There will be no impact to your users, who will still be able to use your extension as if nothing changed," Kay explains. "You could keep the extensions hidden from the Web Store listings if you like."

For those developers who really, really want to use their own websites as the primary source to download their extensions, Google offers a feature called Inline Installation that allows outside sites to make it seem as if extensions are being installed from their own pages, even though the actual extension files are hosted by the Chrome Web Store. This will still be supported after the policy change.

Also, the new rules won't interfere with enterprises that have set up group policies to allow Chrome to install extensions from their own servers. It's strictly meant to stem malicious downloads from the open internet.

Finally, a Chrome browser that has been put into developer mode will still be able to load unpacked extensions from the local drive – just not packed .crx files. This may be the best option for people, such as this Reg hack, who occasionally write one-off Chrome extensions for obscure purposes.

Otherwise, developers who want their extensions to reach Chrome users had better familiarize themselves with the workings of the Chrome Web Store, pronto, because there are only a few weeks left before the change goes live. A guide on how to publish extensions, themes, and apps to the store is available here. ®

High performance access to file storage

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.