Google to block third party extension installations in Chrome Stable and Beta on Windows

Martin Brinkmann
Nov 7, 2013
Updated • Nov 7, 2013
Google Chrome
|
20

If you are trying to install a browser extension for the Chrome web browser that is not offered on the official Chrome Web Store but a third party website, you will receive a notification that the installation of the extension has been blocked.

The same is true for userscripts that you may want to install in Chrome.

It is currently possible to install those extensions, but it requires a manual workaround for that. The extension gets downloaded to the local system, and can be installed from there to the Chrome browser by dragging and dropping it to the extension manager in Chrome.

Google does this to protect users of the browser, as malicious extensions get distributed on third party sites almost exclusively. Recently, the company began to scan extensions that users wanted to install in the browser to warn them if malicious code was found in them.

The company announced today that it will block all third party extension installations to Chrome Stable and Beta on Windows.

What this means is that users running the stable or beta version of Chrome on Windows won't be able to install third party extensions anymore. Basically, any extension not offered in the Chrome Web Store won't be available to them.

While that means malicious extensions, it also means any extension that cannot be offered on the web store which is usually the case when it does not comply with all store policies.

Yes, this includes media download extensions like Media Hint and a couple of other popular extensions. While it is still possible to install and use those extensions in Chrome Dev or Canary, or Chromium for that matter and maybe even Opera, it is certainly a welcome side-effect of the policy change in the eyes of Google.

It is not clear if userscripts fall under the policy, or if they are exempt from it. That remains to be seen once the change is made.

Google notes that the change will go live in January 2014, and that developers have options to hide extensions in the store.  Local extension installations during development, Enterprise installations, and Chrome Apps will continue to work normally according to the blog post on the Chromium blog.

Existing extensions will continue to work just like before, but it is not clear how updates are handled.

Chrome users on Windows who rely on third party extensions may want to switch to a channel that is not affected by the new security policy, or switch browsers altogether instead.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. David S. said on June 24, 2014 at 12:09 am
    Reply

    I tried to use the web store using Maple Studios CoolNovo which is a chromium browser, and I tried to install some of the apps and extensions, and it tried to forced me to download Chrome. I had it on my last hard drive, and it messed it all up. I will never use their crummy browser. Now, I am blocked out of using the web store, and cannot download any of the apps and extensions there. Since the browser that I am using does not have Chrome blocking offsite installments. Maybe I can try, and get them from other places.

  2. penemuel said on June 16, 2014 at 5:33 pm
    Reply

    I didn’t know about this because I hadn’t been using Chrome for a while. Went back to it recently and this week got the info that a “third party extension” I had had been disabled. The problem is, that third party “extension” is part of software that I purchased. It’s not an extension downloaded from some site or anything like that. There IS no .crx file that I can find because it’s not that kind of extension.

    Comments on the Google forums and feedback directly to Chrome’s support site has been answered by the distant chirping of crickets.

    As far as I’m concerned, it’s back to FF (and a new download of Safari, for those websites that just don’t play well on FF), and Google owes me 1/3 of the purchase price of the software since they are the ones who have crippled it.

  3. Angry probably ex-Chromium user said on June 15, 2014 at 9:02 am
    Reply

    I find this sort of behaviour utter nonsense. And this is all due to the simple fact that they want to be fed with money more and more (entry fee for extensions even if the extensions are free of charge). This and more control over what’s running inside your Chrome/Chromium. Well, here is the thing – Chrome/Chromium lack some basic functionality, which is already there in other browsers (such as loading tabs on demand preventing your startup to turn into a total nightmare especially with multiple YouTube tabs that (in Chrome/Chromium) simply load at the same time and start playing) and which as it seems will be missing for a very long time. Some of this functionality can be regained by using the apps in the store. However there are some issues (such as the loading tabs on demand) that are not fixable due to the lack of apps in the OFFICIAL store. I started using Chromium as a backup browser next to my main one – Firefox. Obviously I will have to dump its sorry ass for the lack of understanding towards its userbase.

    PS: Manually downloading CRX files to the local drive does not work anymore. Chrome/Chromium tells you that you cannot install apps etc. from this website.

  4. rpwheeler said on November 10, 2013 at 11:39 pm
    Reply

    Outraged by this.

    Every browser trying to control what I can and can’t install won’t be my browser of choice. So, this change means that I have to found other browser, which doesn’t attempt to control what I install.

  5. charlie said on November 10, 2013 at 3:37 pm
    Reply

    LastPass upgrades install a plug-in to the Chrome browser. Would LastPass have to start distributing its Chrome plugin upgrades via the Chrome Web Store?

  6. Gregg DesElms said on November 8, 2013 at 11:21 pm
    Reply

    Okay, I’m sorry, I’m still a little confused.

    Up ’til now, as the article points-out, one could download the .CRX file to one’s local hard drive; then open the “extensions” page in a tab in Chrome; then drag the .CRX file from Windows Explorer over to said opened “extensions” page…

    …and, voila!, the extension is installed… even though it’s not from the Chrome store.

    Is this changing? I mean, will that procedure no longer work starting in January 2014?

    If so, then all the more reason to use SR Ware’s IRON browser…

    SEE | http://bit.ly/Io1Sw8

    …especially, in my case, the portable version (since other than possibly the one from PortrableApps.com, there’s really no good portable Chrome out there). IRON is the hands-down most-like-Chrome Chromium implementation out there; and it’s most salient benefit is that it does away with all of the privacy violations that Google builds-in to Chrome.

    SEE | http://bit.ly/TxxKOf

    Comodo’s “Dragon” browser is another very privacy-conscious Chromium implementation, but it’s nowhere near as good as SR Ware’s. Plus, Comodo has been known to let Dragon get several major revision levels behind Chrome. IRON, on the other hand, tends to only be a few weeks, at most (usually a lot less), behind Chrome’s release of a major version number.

    If Google does, indeed, make it so that one may not install third-party extensions even by the “drag onto the ‘extensions’ page” method, then IRON, in my opinion, will be the only game in town It kinda’ already is, in my opinion; but that will just tip it in.

    __________________________________
    Gregg L. DesElms
    Napa, California USA
    gregg at greggdeselms dot com

    1. Ben said on December 5, 2013 at 4:32 pm
      Reply

      The fact you’re not 100% sure is in itself a problem. They should’ve clearly announced this to all Chrome users way in advance before pushing it down our throats. Some people’s livelihood depends on external extensions working…

    2. Martin Brinkmann said on November 8, 2013 at 11:33 pm
      Reply

      Yes, this will not work any longer in Stable and Beta Chrome.

  7. anon said on November 8, 2013 at 6:29 pm
    Reply

    “Do no good”

  8. insanelyapple said on November 8, 2013 at 12:41 pm
    Reply

    And i can predict their next move after this one: user will be not able to use Chrome extensions without Google account.

  9. miro said on November 8, 2013 at 10:49 am
    Reply

    I wonder when the likes of Adblock extension block

  10. hum said on November 8, 2013 at 9:40 am
    Reply

    Walled Gardens everywhere.

  11. Flubber said on November 8, 2013 at 9:34 am
    Reply

    And hello again Firefox, been a long time but you’re doing the same… What to do?

  12. Nebulus said on November 8, 2013 at 9:13 am
    Reply

    “Google does this to protect users of the browser[…]”. No, Google does this because they want full control over what users do. I’m not using Chrome, and I will never use it, but it seems that this “hunger” for control started to spread to other products/companies as well (see the article about Mozilla AMO)…

  13. Summa said on November 8, 2013 at 2:01 am
    Reply

    Tonec, Inc. (developers of Internet Download Manager) will be affected much by the annoying Chrome announcement. their possible workaround: Make the IDM extension live on the Chrome Web Store.

    Meanwhile, those who still want to publish their legit Chrome extensions to the Chrome Web Store may be forced to distribute them as archive files.

  14. Anonymous said on November 7, 2013 at 11:35 pm
    Reply

    Simply another idiotic move on Google’s part. First the whole YouTube changes and now this b*****t with Chrome blocking Third Party Extensions. I grab many extensions from UserScript and test many of them as a developer. How can I test them if future Chrome browsers will block them.

  15. InterestedBystander said on November 7, 2013 at 11:31 pm
    Reply

    Yes; not too much surprise. Mozilla addon file registration system, here on gHacks a few days ago. Mozilla, now Google.

    It would (will?) be interesting to see more open-source development (think SourceForge) in the app world. In my admittedly limited knowledge there seems to be less malicious cruft there than in other download sectors. Because open code is community-driven? Because it’s visible to anyone with the expertise to vet it? Because it tends to be user-driven instead of profit-driven? I dunno. Maybe not?

  16. imu said on November 7, 2013 at 10:44 pm
    Reply

    …and yet I perfectly understand Google’s point of view as they want chromebook to be bullet proof.

  17. imu said on November 7, 2013 at 9:38 pm
    Reply

    That’s why I stick to Firefox 23.01 and now I’m gonna stick to chrome 30 (thanks Martin) since I use Sandboxie and Noscript I don’t care for security updates every next version suppose to bring cos what I see instead is that they all taking away stuff I like and got used to.

    BTW.Thanks for before Martin,I solved the issue by deleting those two keys from reg.
    Have you ever considered having a forum at ghacks.net?

    1. Martin Brinkmann said on November 7, 2013 at 10:10 pm
      Reply

      We had a forum before but it did not work out, too much work.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.