14 DAY TRIAL // Google is banning all non-Chrome Web Store extensions on Windows to prevent malicious ones from being installed silently. This may seem like a radical step and like Google forcing developers to use the Web Store exclusively, but there will still be some flexibility.
"Many services bundle useful companion extensions, which causes Chrome to ask whether you want to install them (or not)," Google writes.
"However, bad actors have abused this mechanism, bypassing the prompt to silently install malicious extensions that override browser settings and alter the user experience in undesired ways, such as replacing the New Tab Page without approval. In fact, this is a leading cause of complaints from our Windows users," the company explains.
It is true that tool bars and annoying extensions have been the bane of many browser users. Mozilla has also taken some steps to prevent third-party apps from installing extensions in Firefox without user approval.
Bug Google is taking a major step and won't allow any extension that is not available in the Web Store to be installed. The idea is that, to get in the Web Store, the developers and the extensions must be vetted.
As of January 2014, Chrome beta and stable users won't be able to install an extension that is not in the Web Store. It looks like dev channel users are getting an exception, the logic being that these users are early adopters or developers and usually know what they are doing.
However, not everyone wants to host their extensions in the Web Store, for various reasons. This is why there will be several exceptions to the rules. Unpacked extensions used by developers will still be allowed to be installed locally.
Administrators in enterprise environments will also be able to install any extension they want. What's more, the new restrictions only apply to extensions and not Chrome Apps.
Developers who prefer to offer extensions via their sites will continue to do so. Users will be able to visit the sites and install the extension then and there, as long as it is also available in the Web Store. But developers can even hide it in there, so it is only discoverable on their sites.