End goal is to tighten protection against malicious add-ons

May 14, 2015 14:36 GMT

Starting in July, Chrome extensions that are not present in the Web Store can no longer be installed on any channel of Google’s web browser by either Windows or Mac users.

This security policy has already been implemented by the search giant, but only partially, as the Windows developer channel still permits installation of the components from different sources.

Developers and enterprises are not impacted

The decision was made after Google observed, during the past year, a significant drop of 75% in customer support help requests for removing undesirable extensions.

Although this figure alone is indicative of the positive impact the policy had, the bigger picture emerges when it is set against the fact that Chrome is currently used by hundreds of millions of people.

However, malicious actors still had an opportunity to deliver the nefarious components to unsuspecting users by tricking them into switching to the developer channel of the web browser.

“Affected users are left with malicious extensions running on a Chrome channel they did not choose,” says Jake Leichtling, Extensions Platform Product Manager, in a blog post published on Wednesday.

For Windows users, the protection stemming from this policy has already started on all Chrome channels, while the same will be done for Mac users at the beginning of July.

Support for local extension installation has not been restricted by Google, as developers need this feature to improve their products and to create new ones. Adding extensions via the Enterprise policy also remains unchanged.

Malicious extensions are a huge problem

The issue with malicious extensions is significant, and Google has accelerated the fight against them lately.

Research carried out between June 1 and September 30, 2014, and published last week, revealed that more than 84,000 packages were used for injecting advertisements into web pages, and 30% of them carried out malicious activities; over 50,000 of the packages were Chrome extensions.

“The sad truth is that malicious extensions mucking with Chrome are by far the biggest problem we deal with today. A HUGE fraction of Chrome users are infected with such things (or worse), and it results in an enormous number of problems,” says Google software engineer Peter Kasting in a post on Google Plus.