Google completes ban of extensions not in the Chrome Web Store

Google is slowly but surely working on preventing developers of malicious Chrome extensions from delivering their wares to users.

First, in May 2014, they made it so that extension that are not hosted on the Chrome Web Store can’t be installed and used by users of its popular browser, but did not enforce this policy on the Windows developer channel.

Then, a couple of weeks ago, they booted unwanted ad injector extensions from Chrome Web Store.

Finally, they announced on Wednesday that the policy of enforcing that extensions be hosted on the Chrome Web Store is now effective for all Windows channels, and in July, for all extensions for OS X.

“For developers, we’ll continue to support local extension installs during development as well as installs via Enterprise policy. To provide an integrated install flow from your own website, you can make use of the existing inline installation feature,” explained Jake Leichtling, Extensions Platform Product Manager with the Google Chrome development team, and advised authors of extensions that are not yet in the Chrome Web Store to submit them as soon as possible.

“I’ve read a number of grouchy posts on e.g. Reddit claiming this is all about trying to control what extensions users use, in particular because the web store doesn’t allow things like Youtube downloaders. The sad truth is that malicious extensions mucking with Chrome are by far the biggest problem we deal with today,” Peter Kasting, a Senior Software Engineer with the Chrome UI team, commented the move.

To some degree, fighting malware is an arms race, and we won’t be able to perfectly win. But our previous restrictions here were able, alone, to reduce the number of support requests we got for such issues by 75%,” he pointed out. “So no – this has nothing to do with trying to prevent Youtube downloaders or whatever. We’ve been forced to this by bad actors, and we’re doing it because we think it’s in the best interest of our users.”