Google to require all Windows Chrome extensions to come from Chrome Web Store

Google is making a move to control the kinds of extensions that are available for Chrome users on Windows. Today the company announced that, starting in January, all extensions to Chrome on the Windows platform must come from the Chrome Web Store.

In a post on the Chromium blog, Google says that while Chrome extensions have proven to be useful for its customers, it adds that some of them try to bypass the prompt that asks users if they want these programs to be installed. This situation causes Chrome to " ... silently install malicious extensions that override browser settings and alter the user experience in undesired ways ... " according to Google.

For those kinds of security reasons, Google has decided to force all Chrome extensions to be exclusively available on the Chrome Web Store. The blog states that any extensions that are available outside the store should be posted to Google's official service as soon as possible, adding, "There will be no impact to your users, who will still be able to use your extension as if nothing changed."

This announcement follows on the heels of Google announcing it was dropping support of Google Apps for Internet Explorer 9 users.

Source: Google via The Next Web | Image via Google

Report a problem with article
Previous Story

Microsoft narrows down the software affected by recent exploits

Next Story

Need a 4G plan with more data? Get a million-gigabyte bundle for £8m

38 Comments

Commenting is disabled on this article.

microsoft needs to close/change the API that they made available to google in good faith. they are using this to promote their app stores over microsoft's.

So when Apple does it on one of their product, it's bad (walled garden! boo!), but when it's Google doing the same on their main platform, it's OK, I guess?

a0me said,
So when Apple does it on one of their product, it's bad (walled garden! boo!), but when it's Google doing the same on their main platform, it's OK, I guess?

I know, right? It's so silly! Wrong for one, right for the other.

Spicoli said,
I think it's bad in both cases. Sorry, strawman fail.

I do not think this word means what you think it means.
Really, I think "walled gardens" are great for 99.9% of consumers, provided that there's an opt-out option for "power users."

THANK GOD!

All modern browsers should make it incredibly annoying and difficult or down-right impossible to have silent extensions and add-ons installed. So tired of cleaning "MyWebSearch", "Ask toolbars", "Coupon Printers", etc, etc etc.

Microsoft needs to mandate this as well for Windows in general. I know that 8 has the Windows store for Metro apps. However Microsoft could easily make and manage a central app/program site that you access for free to get a program. You want uTorrent? Fine, you can get it from uTorrent.com or from the Windows Program Store. The one from the Microsoft Program Store would be digitally wrapped and signed and certified free of malware, add-ons, etc. Then Windows can be set to ONLY allow installs that match the requirements from the Windows store (or not).

If you dont want to deal with that, go in and disable the setting and go and download it at any site that hosts the file. Of course this would require Microsoft to be incredibly flexible and fair about the files it decides to allow thru the store to keep down qualms about anti-competitive behavior, etc.

Hell, if MS did this and just heavily promoted it as an option for people (not a requirement and no PC settings blocking) it would go a long way to help people out. Think how deeply Skydrive and Bing are now a part of "Windows 8", why not offer software suggestions and very easy access to the Windows store (desktop programs) too.

AmazingRando said,
THANK GOD!

All modern browsers should make it incredibly annoying and difficult or down-right impossible to have silent extensions and add-ons installed. So tired of cleaning "MyWebSearch", "Ask toolbars", "Coupon Printers", etc, etc etc.

Microsoft needs to mandate this as well for Windows in general. I know that 8 has the Windows store for Metro apps. However Microsoft could easily make and manage a central app/program site that you access for free to get a program. You want uTorrent? Fine, you can get it from uTorrent.com or from the Windows Program Store. The one from the Microsoft Program Store would be digitally wrapped and signed and certified free of malware, add-ons, etc. Then Windows can be set to ONLY allow installs that match the requirements from the Windows store (or not).

If you dont want to deal with that, go in and disable the setting and go and download it at any site that hosts the file. Of course this would require Microsoft to be incredibly flexible and fair about the files it decides to allow thru the store to keep down qualms about anti-competitive behavior, etc.

Hell, if MS did this and just heavily promoted it as an option for people (not a requirement and no PC settings blocking) it would go a long way to help people out. Think how deeply Skydrive and Bing are now a part of "Windows 8", why not offer software suggestions and very easy access to the Windows store (desktop programs) too.

I guarantee you what you describe will still be possible even after January because those companies will PAY Google for that ability.

Lets be honest Google is doing this because they want just a little more control over Microsoft and the majority of the users that use Chrome are likely on Windows. The good news is somebody will fork Chrome and add back the ability to install extensions that Google decides are not worthy of their store.

Side-loading will always be supported by Google. From their post

"We'll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally."

Just silent loading is being disabled.

Given that they actively block useful extensions like those that let you pull flash videos from sites, and those to block ads, this is a pretty dickish move.

Well they have to pad those G+ numbers some how and they've already made every YouTube user a G+ user (even if they never use G+)

So now this also kills off extensions I had to download from developers (beta, etc), stuff I put together myself for private use, along with a few that danced around Google's rules (YouTube downloaders, etc)? Was already just an alternate browser for me, that pretty much kills it off entirely.

Max Norris said,
So now this also kills off extensions I had to download from developers (beta, etc), stuff I put together myself for private use, along with a few that danced around Google's rules (YouTube downloaders, etc)? Was already just an alternate browser for me, that pretty much kills it off entirely.
It wasn't mentioned, but this will still be possible. How do you think people will be able to create extensions otherwise?

You'll probably just have to manually download/copy it over yourself.

EDIT: Here's how to do it manually: http://developer.chrome.com/ex...ns/getstarted.html#unpacked

Pluto is a Planet said,
It wasn't mentioned, but this will still be possible. How do you think people will be able to create extensions otherwise?

Dunno, but that's exactly the opposite of what the article's saying. All extensions, exclusively available on the store, etc.

Edit -- yea, I'm installing a handful now manually, the article makes it sound like this will be impossible in the future, which lead to my original post.

Max Norris said,

Dunno, but that's exactly the opposite of what the article's saying. All extensions, exclusively available on the store, etc.
From the original article: http://blog.chromium.org/2013/...s-users-from-malicious.html

"We'll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally."

In addition, this only affects Windows. And last, I edited my original comment with how to add an extension manually.

Pluto is a Planet said,
"We'll continue to support local extension installs during development as well as installs via Enterprise policy

Ah ha, I didn't read that far into the source article, that clarifies it, thanks. (Perhaps Neowin should quote that little tidbit in this article, kind of important.) That sort of move would pretty much guarantee Chrome hitting the recycle bin on my network.

Max Norris said,

Ah ha, I didn't read that far into the source article, that clarifies it, thanks. (Perhaps Neowin should quote that little tidbit in this article, kind of important.) That sort of move would pretty much guarantee Chrome hitting the recycle bin on my network.
Yeah I often do my own fact-checking on Neowin's articles... Basically go to the source article to find the answer to a question

Google says that while Chrome extensions have proven to be useful for its customers, it adds that some of them try to bypass the prompt that asks users if they want these programs to be installed.

So instead of actually fixing the problem, make it so you can only get add ons that are in the store? This doesn't seem like a proper fix, just a lazy one

This is just Google forcing you in to their illusionary "open" world, just how they're trying to force me to use Google+ to post on Youtube now. No thanks.

They're trying to make more money. Putting it on the store may get some people to notice other paid apps and stuff. It's lazy and greedy.

If an extension is able to bypass the prompt, that's a pretty damn big security hole in Chrome.

Or... Google just wants to block YouTube downloaders, which seems like the simplest reason for store-only extensions.

Right, because Google has been so successful controlling malware on their other stores, so they will be able to do it with the Chrome Web Store.

They will at least be able to respond quickly. There is actually not all that much malware on the Play Store, I don't get where people get this from. Never encountered any and I've been using Android intensively for ages.

Ambroos said,
They will at least be able to respond quickly. There is actually not all that much malware on the Play Store, I don't get where people get this from. Never encountered any and I've been using Android intensively for ages.

...said the thousands of users, when one of companies helped to remove malware from their Android device.

There has been Android malware embedded in official Google Apps, and there is always the threat of hijacked official Google Apps by a botted router catching the update. (Even one of my personal Android devices got malware from a Google Mail App update that happened automatically.)

It is not built like WP and horrible stuff does happen through Apps and App updates.


I don't care if you love/hate Android, just be careful and use malware protection.

Mobius Enigma said,

There has been Android malware embedded in official Google Apps, and there is always the threat of hijacked official Google Apps by a botted router catching the update.

I bet you cannot give a single example. Your device DID NOT get infected from an update of an application on the Google App Store but if it did then the application itself was always malicious in the first place.

That is ridiculous. Malware embedded in Google's own apps is impossible. At installation Android checks the app signatures, an app can't update another app with the same package name if the signature doesn't match.