Chrome extensions can now only be installed if they're from the Chrome Web Store in a move by Google to keep users safe.

To protect users from malicious attacks, Google has implemented a change to the Chrome browser so that extensions can now only be installed if they are downloaded from the Chrome Web Store. For end users, this means that you cannot download an extension from another source and try to install or force the browser to run it. By going through the Chrome Web Store, Google is hopping that this will prevent malicious developers from releasing extensions that are harmful to unsuspecting Chrome users.

The move will ensure that users will have a more safe browsing experiencing as malware can "work by silently installing extensions on your machine that do things like inject ads or track your browsing activity. If you notice strange ads, broken web pages or sluggish browsing after installing some new software or plugins, you could be affected," Google said.

Additionally, according to Google, "extensions that were previously installed may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store."

Source: Google


Reader comments

Google blocks sideloading of Chrome extensions


The more android becomes closed (by google using all closed source app and not updating aosp apps like the browser) the more like apple they will become.

Hilarious. That sounds a lot.liken the apologists who said Internet Explorer ≠ The Internet. When over 80% of smart phones are Android, and Chrome ships as the default browser, Chrome = mobile web.

I would think they could do it in such a way like in Android, where you have to tap the build number 7 times to open the dev options. Just make it so users can't hurt themselves on accident.

On the other hand, I really don't think this is Google's intent ...

I thought this was done months ago.
Anyways, I'm glad Google is doing this because even at my college of people with fairly decent technical knowledge, I see this issue of malicious side loaded extensions crop up all the time. Ads are literally everywhere and people have no idea why until I point out that they have extra extensions (which they don't remember installing, of course).
Allowing developers (via unpacked extensions and the developer channel) and Enterprises still sideload is a nice balance, I think, and should alleviate any cause for concern.

It does make since in a way do you know how many pop ups and auto installs I get off of some sights?? This would be good especially if it's an .exercise file and tries to hijack my system

Maybe they will update it to work like Android, only allow side loading when the user agrees.

Posted via Android Central App

That's what I was thinking. Lock it down by default, but let the user opt in to third party installations if they want to.

They had such a philosophy? AFAIK, Chromium is still open, and Chrome != Chromium. Much like how people are misunderstanding AOSP. The core OS is still open source.

Android is as open as unlimited data plans are unlimited. Just like unlimited data plans that throttle your data to speeds that make it unusable for any practical reason even though it is still "unlimited", AOSP without Google apps and services and staying behind in updated features, is close to useless too.

I would imagine selective removal of certain extensions comes next (I'm thinking adblock mostly) Now that firefox is basically a chrome clone there aren't many good alternatives remaining.

Theres always IE which has gotten better as a browser, but lacks the extensions. Windows 8.1 apps can help fill some of the gaps but not all, an update to 8.1 is coming where they will have the apps able to be launched in a windowed mode. Yes this is already possible through third party.
Opera which works on chromium, their official store is lacking though and loads terribly slow at times no matter what your internet connection is.
Maxthon is intriguing but then again very little developer support for extensions.

Couple of things to point out. This is only for Windows, not Mac or Linux. Local apps can still be installed. i.e. you can still write your own and install it. This is useful for developers.

Earlier today Hangouts installed itself back onto my chrome browser when I launched it, it was in the process of installing while I opened the browser, whats up with that? I had it on my chrome before, didn't really like it so I removed it. Never go on google+ or use hangouts in gmail I rarely even use gmail in the chrome browser.

CHROMIUM, the open source version of the browser, though, remains open to sideloaded extensions.

Sent from my Nexus 5 :-D

Thanks I use some side loaded extensions. I will say I've gotten a stupid spyware chrome extension out of the blue before and had to kill it. I can see why they're doing this. Chrome is getting more popular which unfortunately means more attacks. I'll try chromium.

I almost think there should be an option hidden in settings where you check mark side load extensions allowed like on android with a warning if you un check it. Then the mass won't have to worry and Google won't have to either. They'll make the fans happy. God forbid they ever remove side app loading on android.

Posted via Android Central App

I get it, but it's still upsetting. One of the guy's I worked with created an extension that allows us to right click certain customer identifiers and then run a query in our DB for it, which is an enormous time saver. I will be very sad to see this functionality depart from my workflow.

I like Chrome but I'm unlikely to keep using it after this change. They already made it awkward to install extensions not hosted on their store and that should be enough.

I'll try Chromium soon and if that's as bad, it'll be back to Firefox.

Maybe they will let you sideload if you join Google+. ☺
They have been pulling out functionality of all their products and coercing people into using Plus to get the functionality back. Just kidding. This time I think that they are really doing an Apple move. Actually, they have been copying the worst of both, Microsoft and Apple lately.

Hopefully this doesn't include userscripts, those are the only things I really use outside of a few extensions found on the Chrome store.

How will people react when Google uses the same logic to
announce a total ban on side-loading apps on Android phones?
Only apps from the Play Store can be installed.

Sadly, I don't doubt that happening. Although I am sure most people on these forums root/rom so it won't be a problem for us to get around. Maybe Ubuntu Touch might be worthwhile?

I've gotten malicious extensions and they were surprisingly hard to remove. (I beeline they changed that process) In any case it's hard to complain when the offer the browser open source and other version are out there. (But some people stool do)

Posted via Android Central App

Chromium or IE it is I guess, though I hate how IE pre-caches harmful .exe files to your C:\ before you even decide whether to approve the download or not.

Posted via Android Central App

Google has always felt like a joke, if they demand to be taken seriously now I will leave and not look back, we don't need a second Microsoft or Apple, just imagine either combined with ***ADVERTS***! Google just can't help pushing 1 step too far in every direction, because let's face it, they WERE a great search engine, now they are a mediocre advert engine with 0 social responsibility. I love Google products, less and less every day.

Posted via Android Central App

What sideloaded extensions are you guys using? Legit question

Posted via Android Central App via the not so new Nexus 5 and a half

Some of you guys don't understand the difference between the *Android* ecosystem and the *Google* ecosystem.
If Google--a company that is responsible for tons of user data--is going to survive all the scrutiny they get in this business, sometimes hard decisions need to be made. Sometimes decisions need to be made for the majority. The savvy among us will figure out the rest.
It's completely senseless to use this as an argument that Android isn't "open". First of all, this isn't Android--this is Chrome Browser (for MS Windows!) --a *proprietary* version of an open-source project. Secondly, just because the core of *Android* is open-sourced doesn't mean that ALL of Google and their services are free and open. They have a bottom line and users to protect. Open-source projects exist for many reasons, and Google's open source projects play just as much of a role in the community as their proprietary versions do.
Open source isn't about you being able to sideload or flash ROMs. It has a much bigger, and less selfish purpose.

If you can no longer sideload, how would someone distribute an extension for testing? What about "private" extensions (made for your company, for example) that don't really belong in a public storefront?