Google’s Chrome web browser will block the installation of extensions, apps and user scripts hosted on third party servers.
In the future, developers will have to submit their extensions for inclusion in the Chrome Web Store, where Google will check all files for malicious functionality.
Until now, developers have been able to host Chrome extensions on their own servers. This had the advantage of having updates could be available for installation immediately after uploading; also developers did not have to adhere to Google’s terms and conditions for using the Chrome Web Store.
The problem was, Google said, bad guys were using the capability at a higher rate to spread malicious extensions able to perform functions such as stealing data entered on web pages. This meant the company was not in a position to easily block these malicious extensions.
The latest stable version of Chrome, 20.0.1132.57, still allows the installation of extensions hosted by third parties, but this is likely to change with the next update. Version 21.0.1180.41, currently in beta, blocks installation of third party extensions and points users in the direction of the Chrome Web Store. Even after downloading a third party extension, we were not able to install it on this version.
Google offers an inline installation option for developers who do not want to send their users to the Chrome Web Store; this allows installation of an extension hosted in the Chrome Web Store to initiate from an external web site.