Google: Unapproved Chrome extensions require manual install

Google: Unapproved Chrome extensions require manual install

Summary: Google just made it much harder to install extensions that are not on the Chrome Web Store. The goal is to improve the browser's security by making malicious extensions a pain to install.

SHARE:
Google: Unapproved Chrome extensions require manual install

Google has changed the way you add extensions to Chrome. If your extensions are from the Chrome Web Store, then this does not affect you. If, however, you develop or install extensions not on the store, you'll find this change a very annoying one, even though it's being done to improve the browser's overall security.

Previously, any website could prompt you to add a Chrome extension. Now, however, you must explicitly tell Chrome that you want to install these extensions by adding them through the Extensions page. The goal here is to prevent websites from automatically trigger unauthorized extension installations, cutting down on how quickly malicious extensions can spread.

When you try to install a Google Chrome extension from anywhere else on the Web, the browser blocks you from doing so. It also pops up an alert bar with the following message: "Extensions, apps, and user scripts can only be added from the Chrome Web Store. Learn more"

The "Learn more" phrase is a link to a Google Chrome support page titled "Adding extensions from other websites." Here's the crux of it:

To help keep you safe on the web, we have started analyzing every extension that is uploaded to the Web Store and take down those we recognize to be malicious. Unfortunately, we don’t have the ability to take down malicious items promoted on other websites. For instance, online hackers may create websites that automatically trigger the installation of malicious extensions. Their extensions are often designed to secretly track the information you enter on the web, which the hackers can then reuse for other ill-intended purposes.

Chrome extension developers are encouraged to upload their extensions to the Chrome Web Store or use Inline Installation to keep visitors on your website. If you use neither, your users will have to follow the following five steps to get your extension:

  1. Download the extension file from the website and save it to your computer.
  2. Click the wrench icon on the browser toolbar.
  3. Select Tools > Extensions.
  4. Locate the extension file on your computer and drag the file onto the Extensions page.
  5. Review the list of permissions in the dialog that appears. If you would like to proceed, click Install.

In other words, Google wants you to use the Chrome Web Store. The reason is simple: Mountain View wants to improve the security of its browser by being able to control the extensions that can easily be added to it.

See also:

Topics: Security, Browser, Google, Software

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Google: Unapproved Chrome extensions require manual install

    Kudos to the Chrome Team.
    RickLively
  • So now ... years after everybody else ...

    ... they implement some security??

    I'm not going to congratulate teams for being very late to the game.
    wackoae
  • It's for your own good

    The walled garden always goes up two rows of bricks at a time.
    Robert Hahn