Chrome extensions will soon only be installed at the Chrome Web Store

Joanna Estrada
June 13, 2018

The firm will now require all Chrome extensions to be installed through the Chrome Web Store as opposed to the current status quo where websites can install Chrome extensions directly without needing to navigate away from the site.

"Inline installation" is incredibly popular with security packages to install a web scanner for "added value", but this process will now end.

In order to prove that extensions in the Chrome store are legit and the best course of action, Google has written a research paper on its extension cleansing efforts.

Initially, any Chrome extension first published from Tuesday (12 June) onwards will have auto-install blocked.

Early December will see the inline install application programming interface completely removed from Chrome version 71.

To try to squelch the problems, Google is removing the ability for websites to offer "inline installation", which lets them offer a link to an extension so you can install it without a round trip to the Chrome Web Store.

If users have to visit the Chrome Web Store instead to install extensions, malicious extensions are less likely to be installed.

Google Chrome Inline Installation
Chrome extensions will soon only be installed at the Chrome Web Store

However, extensions can often modify the experience in ways that an average user may not be able to comprehend or predict. Google mentions on its Chromium blog that they have been receiving large volumes of complaints from users about unwanted extensions causing undesirable changes in the user experience, with the biggest culprit being extensions available through inline installation on websites.

In other words, what we just said. Until now, developers who publish their apps in the Web Store could also initiate app and extension installs from their own websites.

Aware that this latter option opens up the possibility of people installing malicious extensions, Google is clamping down.

The company promised to do something against deceptive inline installations in January 2018 and revealed that fewer than 3% of extensions used deceptive or confusing install flows and that these 3% account for more than 90% of user complaints.

One of the big reasons why Google is making this move is because rogue extensions can plaster your computer with adverts or install malware.

In 2015, Google tried to prevent abuse of inline installation, specifically for extensions that employed obvious deceptive tactics.

It may be more hard for malicious actors to get users to install their extensions directly from the Web Store.

Other reports by Click Lancashire

Discuss This Article