Google to tighten up Chrome extension security on Windows

Summary:In order to impede the spread of malicious Chrome extensions on Windows, Google will start requiring all extensions to the stable and beta Windows versions to load from the Chrome Web Store.

According to Google, the leading cause of complaints from Chrome users on Windows is a malicious extension the user installed. To make things harder for the authors of these malicious programs, Google will, starting in January, require that all extensions installed in the stable or beta channel products come from the Chrome Web Store.

Currently, by default, users can install extensions from anywhere. This makes it easy for attackers to post malicious code and lure users to it. After the change, users running the Chrome Dev channel will still be able to install extensions from locations other than the Chrome Web Store.

Google advises developers of extensions to begin migrating their code to the Store immediately. The changes should have no direct impact on users.

goo.gl.extension
A typical Chrome extension

 

Chrome Apps, as distinct from extensions, are not affected by this change.  Enterprises which use Group Policy to manage and deploy Chrome will also be able to deploy extensions to the beta and stable channels that way, as well as through inline installation.

We have seen complaints of malicious Chrome extensions, specifically adware, for Mac OS X. We asked Google whether they had plans to extend the rule to other platforms and they replied:

This change is planned for Windows only, as that’s where we receive the most user complaints of bad behavior. We may apply to other platforms but have nothing to announce at this time.

Topics: Security, Browser, Google

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.