Google to tighten up Chrome extension security on Windows

Google to tighten up Chrome extension security on Windows

Summary: In order to impede the spread of malicious Chrome extensions on Windows, Google will start requiring all extensions to the stable and beta Windows versions to load from the Chrome Web Store.

SHARE:
TOPICS: Security, Browser, Google
14

According to Google, the leading cause of complaints from Chrome users on Windows is a malicious extension the user installed. To make things harder for the authors of these malicious programs, Google will, starting in January, require that all extensions installed in the stable or beta channel products come from the Chrome Web Store.

Currently, by default, users can install extensions from anywhere. This makes it easy for attackers to post malicious code and lure users to it. After the change, users running the Chrome Dev channel will still be able to install extensions from locations other than the Chrome Web Store.

Google advises developers of extensions to begin migrating their code to the Store immediately. The changes should have no direct impact on users.

goo.gl.extension
A typical Chrome extension

 

Chrome Apps, as distinct from extensions, are not affected by this change.  Enterprises which use Group Policy to manage and deploy Chrome will also be able to deploy extensions to the beta and stable channels that way, as well as through inline installation.

We have seen complaints of malicious Chrome extensions, specifically adware, for Mac OS X. We asked Google whether they had plans to extend the rule to other platforms and they replied:

This change is planned for Windows only, as that’s where we receive the most user complaints of bad behavior. We may apply to other platforms but have nothing to announce at this time.

Topics: Security, Browser, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

14 comments
Log in or register to join the discussion
  • Leading cause of complaints...about Android.

    Oh Google, do some thing to fix the weakly designed and stolen product Android. Its a shame that a modern mobile platform is so weak when it comes to security.
    Owl;Net
    • Name changed?

      Let me guess, you got banned?

      Shoo, Owl, shoo!

      Back to the forest you go!
      ForeverCookie
    • Give up mate

      If you dont like Android or anything google then stop complaining on said threads mate, now im going to flag you back to the 50's where you belong. Ill > 30!
      JohnnyJammer
    • Huh?

      Stolen? From who? Apple?
      Gisabun
  • Limiting extensions to the store creates a walled garden

    Malicious extensions may be just an excuse to create a walled garden.

    By forcing all extensions through the Chrome store, it limits the freedom of what people can do with their browsers. Everything will have to get Google's approval.

    Extensions that Google doesn't like, such as those that allow video downloads from YouTube, will not be allowed.
    Vbitrate
    • Windows only

      Chrome is also available for OS X and GNU/Linux.
      Rabid Howler Monkey
    • And yet

      You can get YouTube downloaders from the Google Chrome Store right now -_-
      Michael Alan Goff
      • apps or extensions?

        nt
        larry@...
        • Extensions

          I would give you links, but I'd rather not have my post randomly deleted by whoever does that sort of thing. Just go to the Chrome store and look up YouTube downloader.
          Michael Alan Goff
          • you're right

            I did a search and saw them. I'm not sure what Google's policies are for apps or extensions in the store. I'm working on a follow-up so I will look into it.
            larry@...
          • That's a good question

            I wonder if Google's policy is just to check for problems (a virus or trojan) and let it in.
            Michael Alan Goff
    • isn't m$ doing the same thing with 'doze store ?

      EOM
      GrabBoyd
  • Errrr

    I guess it's one way for Google Chrome to reduce the number of vulnerabilities. when v30 came out, it fixed 50 vulnerabilities - wondering how many have been around for a while.
    Gisabun
  • meh

    I don't know about this... Seems like they're cutting out other extensions for reasons other than user security. It gives them a monopoly on the market... I do understand the security aspect (I'm very careful what I'll download to my torch browser), but I don't like having the options made so limited.
    Brian_C