On May 1, extensions not hosted in store will be disabled for Windows Chrome users

Advertisement

Google Chrome has powerful extension support that is second only to Firefox's in the browsing world. Up until now, Chrome users were allowed to install extensions from the official Chrome Web Store, and also from third-party sources.

A third-party source in this regard is any website that is not the Chrome Web Store. This includes userscripts on Userscripts.org, or the popular Media Hint extension that enables you to bypass country restrictions on select media sites on the Internet.

One of the reasons why those extensions and scripts are not offered on the official store is that they fall short when it comes to Google Store policies.

Google announced back in November that it would require all extensions to be hosted on the company's web store. The reason Google gave was that it would improve the security for its users.

More precise, for its Windows users as it decided to enforce that rule only for Chrome Stable and Beta users. The restriction rolled out to the beta channel recently, and users may have received already the notorious "suspicious extensions disabled" warning in their web browser.

suspicious extension disabled

The company announced yesterday that it will enable the security feature on May 1, 2014 for Chrome stable users on Windows systems.

The consequence here is that come that day, all extensions that are installed by Chrome Stable users that are not hosted on the Chrome Web Store will be disabled automatically by the company.

And since some extensions cannot be hosted on the store due to the store policies, users won't be able to make use of them at all anymore unless they switch to the Chrome Dev or Canary channels on Windows, or use Chrome on Linux or Mac systems instead.

Check out this tutorial on how to upgrade Chrome to Dev or Canary.

There are two workarounds available that Google designed for Enterprise and Business environments. Extensions can still be loaded via group policy or developer mode.

The easier one of the two is the developer mode option. What you need to do here is download the Chrome extension .crx file to your system and unpack it using a program like 7-Zip. To do so, install 7-Zip first, then right-click on the extension file and select to extract it to your system.

Open chrome://extensions/ afterwards, check the "Developer mode" box on the page, and select to "load unpacked extensions". A file browser opens that you use to pick the folder of the extracted extension.

Closing Words

So why is Google making that change? It is true that this will block most malicious extension installations provided that those extensions won't be accepted in the Chrome Web Store.

But that is only half of it. The move gives Google full control over the extension offerings for the browser. Since it creates the policies, it controls which extensions users can install and which they won't be able to install.

While it is possible to switch to an unaffected channel or operating system, it is likely that this will impact extension developers who cannot host their extension in the official store significantly.

Please share this article

facebooktwittergoogle_plusredditlinkedinmail

Advertisement

Filed under:

Responses to On May 1, extensions not hosted in store will be disabled for Windows Chrome users

  1. Nebulus February 27, 2014 at 12:10 pm #

    This obsession for control that Google is pushing forward makes me sick. Also, this is the reason I will never ever use their "walled-garden", privacy invading browser.

  2. nonqu February 27, 2014 at 2:07 pm #

    As if all the extensions hosted on Chrome Web Store were safe... This seems to be more of a PR move and control scheme than an actual attempt to make the browser more secure.

    Btw. Hadn't Mozilla discussed doing the same? Those companies give the impression of wanting all their users to switch to some forks.

  3. sades February 27, 2014 at 2:50 pm #

    Do no evil, just dystopian.

    lol google.

  4. Sylvio Haas February 27, 2014 at 3:09 pm #

    What will happen with security devices such as
    Norton Identity Safe toolbar and others alike?
    Thank you.

    • Martin Brinkmann February 27, 2014 at 3:19 pm #

      If they are not added to store by their parent company, they will stop working.

      • Sylvio Haas February 27, 2014 at 8:20 pm #

        Thank you.

  5. InterestedBystander February 27, 2014 at 3:50 pm #

    Isn't this exactly what Microsoft does with Modern apps? And what Apple does for iOS apps? There are workarounds for both -- eg, registry tweaks in Windows or jailbreaking iOS -- but the issues seem the same: the corporation attempts to disallow installation of unvetted apps or browser extensions poses a security risk.

    In the broad sense, this dilemma has been around as long as PCs. Executables from untrusted sources are even more risky than untrusted apps and extensions, but control of that ecosystem has long passed from anyone's control. Heck, the use of secure boot via uefi addresses exactly the same dilemma at the operating system level: it restricts choice of operating systems to those which are "approved" by the secure boot programming.

    So I see both sides. There is a real and fairly well-documented security risk that Microsoft, Apple, Google, Mozilla, (and others on the Linux side, with their approved-application repositories) are all trying to address. And this can excuse an authoritarian lock-down on user choices, which I dislike quite a lot.

    • Martin Brinkmann February 27, 2014 at 3:53 pm #

      Well, most users will compare that to how Mozilla handles things, and not how apps are handled on iOS, Android or Windows platforms.

      • InterestedBystander February 27, 2014 at 4:09 pm #

        Agreed! That's the first-level comparison. And the one users will make. I'm intrigued by the dynamic between user choice and security risks as a high-level dilemma, though.

  6. devious February 27, 2014 at 4:46 pm #

    So what about browsers like coowon, coolnovo, comodo dragon etc does this apply to them too?
    Also what about tampermonkey and other script managers do you think they will be still of use seeing as they use userscripts which have been deemed unsafe?

  7. blue.bsod February 27, 2014 at 7:30 pm #

    I'm wondering why are they singling out Windows users instead of chopping them all off. When my computer is down, I use a Linux based machine (Ubuntu) and I set it up like my Windows one with Chrome / Chromium and all the extensions I use in Windows. There are a few extensions that don't seem to work in Chromium so I used others that did a similar or better job like the simple pop-up blocker extension wouldn't work properly in Chromium so I used "Safe Script", which is basically like Firefox's, "No Script".

    To the extent of off Google added extensions. I often use the FVD downloader, which used to be in the store but no longer though oddly enough their own site refers to the store with the link to install it from there. Something about their extension violates several site policies so isn't allow in the store. I got the CRX files from the author's site. Also though I could use it in Ubuntu, I couldn't use the newest version (5.6.5 and luckily I still had an older version saved 5.0.1). So really it is a mystery why Windows is being singled out seeing their main product runs in Windows. So are they removing their, "open source", policy as well?

  8. Xmetal February 27, 2014 at 8:06 pm #

    This seems to have been covered by a fast look at the comments but ... "why not use Chromium" (other than testing my site, i dont use any Chrome-based browser for regular use) ... In Linux there are a few distros that have "Google Chrome" and all of them that I have tried (on another great one Manjaro, as I type this) all use Chromium which is WHAT Google's Chrome is based on anyway.

    This is the sort of reason (the Google wanting more personal info then other sites and wanting to control everything ) why i stopped using google search and dont have any google products installed on any of my machines

    -Xmetalfanx

  9. a2thec February 27, 2014 at 8:17 pm #

    What this all boils down to is, adblock, plain and simple. $$$

    • Anonymous February 28, 2014 at 8:05 pm #

      How? Adblock is on the google extension page. This won't remove it from Chrome.

  10. Kneyfield February 27, 2014 at 9:32 pm #

    The control Google exerts over its Chrome users is now almost total. There's nothing more to say.

  11. mtbink.com February 28, 2014 at 1:25 am #

    I hope Google will not remove side-loading feature of Android APK and force all Android APK must comes from Google Play Store "to improve the security for its users" :(

  12. Marlon Orozco BaƱos March 1, 2014 at 2:37 am #

    So, will Mozilla do the same? It appears that copying restrictions policies from Google is a thing for them now.

    • Gonzo March 2, 2014 at 3:07 am #

      Unlike Google Chrome where only part of it (Chromium) is developed in the open, Firefox is fully developed in the open. This is why FF forks are potentially 100% compatible with Mozilla FF and Chromium forks are not. Chromium also lacks an official stable binary build for Windows.

      Mozilla would first have to close off parts of Firefox for such a move to have any real impact. There's word that Mozilla is working on their own version of Flash similar to Pepper in Chrome. If they decide to follow Google down this filthy path this where they'll start, imo. Then they can start playing gawd with Extensions.

  13. Dirtdawg March 8, 2014 at 4:34 am #

    Will other Chromuim based browsers be affected or just Google Chrome?

    • Martin Brinkmann March 8, 2014 at 7:59 am #

      Just Google Chrome.

      • Dirtdawg March 8, 2014 at 7:34 pm #

        Good, Thanks for the reply.

  14. Blue May 1, 2014 at 11:09 pm #

    It's now May 1st, and the 3 of the 4 extensions I use that do not come from the Google store are still working fine. Hmm.. I have Developer mode turned on... one of my extension requires it to be turned on. Maybe that's the reason most still work. The 4th one is an APK downloader for Android apps. That is the only one that stopped working.

Leave a Reply