Google to extend rogue Chrome add-on ban to OS X

Better get those extensions into the Company Store, pronto

Web browsers 2015

If you use Windows, you can forget about installing Chrome extensions from sites other than Google's store, effective immediately – even if you're a web developer. And the same will soon be true for Mac users, too.

When the Chocolate Factory originally clamped down on "foreign" extensions in the Windows version of its browser last year, it gave developers a reprieve by not applying the ban to Chrome's Developer release channel. That changed on Wednesday, and Google says it will soon begin applying the same restrictions on OS X, too.

The problem is that no sooner does Google lock down its browser than malware authors find new ways to pick the locks.

"Unfortunately, we've since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions," Google product manager Jake Leichtling explained in a blog post. "Affected users are left with malicious extensions running on a Chrome channel they did not choose."

Malicious browser add-ons have been a top issue for the Chrome team for some time now. Earlier this month, it published new research into what it describes as the "ad-injection economy," in which it identified some 84,000 extensions and applications that sought to hijack browser sessions for the purpose of injecting unwanted ads or tracking cookies.

Google says that after it started enforcing the ban on off-store extensions, it saw a 75 per cent decrease in the number of support tickets from customers wanting help uninstalling unwanted extensions.

But besides just wanting Chrome users to have good experiences on the web, Google has some skin in this game. Of the billions of dollars in revenue it pulls in every year, some 90 per cent comes from advertising. Little wonder it doesn't want rogue adware horning in on its business, particularly where its own sites are concerned.

Not being able to install extensions from their own sites isn't really that much of a hassle, anyway. Chrome devs already need to know how to use Google's store and management dashboard if they want to distribute their extensions to ordinary users. And if they want to test pre-release versions, they can mark them as such and they won't be visible to the public.

What's more, developers who want to make it look like an extension is being installed from their own site have an inline install option. The extension is really hosted in Google's store but customers don't need to navigate away from the developer's site to install it.

Finally, Google says coders will still be able to load extensions from the local hard drive while they're under active development.

All of this still only applies to Windows for now, since Windows users are the ones who experience the most trouble with unwanted adware. But OS X is next on the list, and Mac owners can expect to start seeing off-store Chrome extensions blocked beginning this July. ®


Biting the hand that feeds IT © 1998–2017