Google to seal its walled garden for Chrome extensions

From July the only place where Chrome users will be able to install extensions from is the Chrome Web Store — including the Chrome developer channel and Chrome for Mac OS X.

The new extension block tightens up a policy Google introduced last May, which prevented all Chrome extensions unless they’re hosted on the Chrome Web Store.

There were a few gaps in its initial policy though: Google didn’t enforce it for the developer channel of Chrome, leaving an “opt-out” option for some, and for unknown reasons only applied the block to Chrome on Windows.

Some critics saw this as attempt to put Chrome into a walled garden, but Google said it was to protect Windows users from malware, such as extensions that track browsing activity or inject ads.

Google today said it worked, claiming a 75 percent drop in customer support help requests for uninstalling unwanted extensions after introducing the policy May.

It’s explanation for extending the policy to the developer channel of Chrome is once again security.

“We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out. Unfortunately, we’ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions,” said Jake Leichtling, Extensions Platform Product Manager.

“Affected users are left with malicious extensions running on a Chrome channel they did not choose.”

Along with the new rule for developers, Google will also block extensions for Chrome on Mac.

As with the previous policy, Google will still let developers install extensions locally during the development and installs via Enterprise policy. And for developers will still have the option to offer extensions via their own website via inline installs, though this still installs from the Chrome Web Store.

Google has been cleaning up some of the shadier extensions on the Chrome Web Store too, this April disabling 192 ad-injectors.

The policy shift follows research published last week that found that ad-injectors interfered with about 5 percent of visits to Google sites. The researchers also identified 50,870 Chrome extensions and 34,407 programs that injected ads. While only 10 percent were ever found on the Chrome Web Store, they could have still been installed on developer channel Chrome.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags GoogleCSO AustraliaSuperfishChrome extensionsad-injectorsChrome developer channelChrome for Mac OS XJake Leichtling

More about CSOEnex TestLabGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts