Protecting Chrome users from malicious extensions
May 27th, 2014 | Published in Google Chrome
We’re constantly working to keep Chrome users safe as they browse, with built-in features like Safe Browsing, which blocks many types of malicious websites and downloads. In the case that malicious software has managed to hijack your settings, we've added a “reset browser settings” button, so you can get things back to normal. But since the bad guys continue to come up with new ways to cause our users headaches, we are always taking additional measures. We previously announced that we’re making it more difficult for malware to secretly install unwanted Chrome extensions. Starting today, we’ll start enforcing this policy.
Malware can change how browsers work by silently installing extensions on your machine that do things like inject ads or track your browsing activity. If you notice strange ads, broken web pages or sluggish browsing after installing some new software or plugins, you could be affected.
From now on, to protect Windows users from this kind of attack, extensions can be installed only if they're hosted on the Chrome Web Store. With this change, extensions that were previously installed may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store.
For developers, we’ll continue to support local extension installs during development as well as installs via Enterprise policy. And if you have a dedicated installation flow from your own website, you can make use of the existing inline installs feature. Windows developer channel users, as well as those on other operating systems, are unaffected by these changes.
You can reach out to us in our support forums if you're running into problems, or if you think an extension was disabled incorrectly. If you're a developer and your extension isn't in the store yet, please submit it today. This is just one more step we are taking to make sure our users can browse safely, and enjoy all the Web has to offer without worrying.
Posted by Erik Kay, Engineering Director
Malware can change how browsers work by silently installing extensions on your machine that do things like inject ads or track your browsing activity. If you notice strange ads, broken web pages or sluggish browsing after installing some new software or plugins, you could be affected.
From now on, to protect Windows users from this kind of attack, extensions can be installed only if they're hosted on the Chrome Web Store. With this change, extensions that were previously installed may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store.
For developers, we’ll continue to support local extension installs during development as well as installs via Enterprise policy. And if you have a dedicated installation flow from your own website, you can make use of the existing inline installs feature. Windows developer channel users, as well as those on other operating systems, are unaffected by these changes.
You can reach out to us in our support forums if you're running into problems, or if you think an extension was disabled incorrectly. If you're a developer and your extension isn't in the store yet, please submit it today. This is just one more step we are taking to make sure our users can browse safely, and enjoy all the Web has to offer without worrying.
Posted by Erik Kay, Engineering Director