Google is rolling out a new policy that will force all Windows and Mac users to install Chrome extensions only from the Chrome Web store.
The company last year began enforcing this policy for Windows users on the main, stable channel for Chrome. Google offers several different channels for Chrome users, depending upon their tolerance for bugs and features that aren’t ready for prime time. Chrome has developer, beta, and stable channels, and Google has been enforcing this policy on its stable channel for Windows users since May 2014.
Now, the company says it will begin enforcing it on all channels, for all Chrome users. The reason for the change is that Google engineers have seen attackers taking advantage of the fact that users on the developer channel could still install extensions from other sources.
“We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out. Unfortunately, we’ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions. Affected users are left with malicious extensions running on a Chrome channel they did not choose. As such, starting today we will begin enforcing this policy on all Windows channels. Mac will soon follow, with enforcement for all channels beginning in July 2015,” Jake Leichtling, extensions platform product manager at Google, said in a blog post explaining the change.
For the time being, Google will allow developers to install extensions locally during the development phase, and installations through Enterprise Policy also will be allowed.
“The extension platform unlocks powerful features that can help users get the most out of Chrome. However, it is crucial that our users stay safe from the reaches of malicious software developers. Extending this protection is one more step to ensure that users of Chrome can enjoy all the web has to offer without the need to worry as they browse,” Leichtling said.