On May 1, extensions not hosted in store will be disabled for Windows Chrome users

Martin Brinkmann
Feb 27, 2014
Updated • Feb 27, 2014
Google Chrome, Google Chrome extensions
|
24

Google Chrome has powerful extension support that is second only to Firefox's in the browsing world. Up until now, Chrome users were allowed to install extensions from the official Chrome Web Store, and also from third-party sources.

A third-party source in this regard is any website that is not the Chrome Web Store. This includes userscripts on Userscripts.org, or the popular Media Hint extension that enables you to bypass country restrictions on select media sites on the Internet.

One of the reasons why those extensions and scripts are not offered on the official store is that they fall short when it comes to Google Store policies.

Google announced back in November that it would require all extensions to be hosted on the company's web store. The reason Google gave was that it would improve the security for its users.

More precise, for its Windows users as it decided to enforce that rule only for Chrome Stable and Beta users. The restriction rolled out to the beta channel recently, and users may have received already the notorious "suspicious extensions disabled" warning in their web browser.

The company announced yesterday that it will enable the security feature on May 1, 2014 for Chrome stable users on Windows systems.

The consequence here is that come that day, all extensions that are installed by Chrome Stable users that are not hosted on the Chrome Web Store will be disabled automatically by the company.

And since some extensions cannot be hosted on the store due to the store policies, users won't be able to make use of them at all anymore unless they switch to the Chrome Dev or Canary channels on Windows, or use Chrome on Linux or Mac systems instead.

Check out this tutorial on how to upgrade Chrome to Dev or Canary.

There are two workarounds available that Google designed for Enterprise and Business environments. Extensions can still be loaded via group policy or developer mode.

The easier one of the two is the developer mode option. What you need to do here is download the Chrome extension .crx file to your system and unpack it using a program like 7-Zip. To do so, install 7-Zip first, then right-click on the extension file and select to extract it to your system.

Open chrome://extensions/ afterwards, check the "Developer mode" box on the page, and select to "load unpacked extensions". A file browser opens that you use to pick the folder of the extracted extension.

Closing Words

So why is Google making that change? It is true that this will block most malicious extension installations provided that those extensions won't be accepted in the Chrome Web Store.

But that is only half of it. The move gives Google full control over the extension offerings for the browser. Since it creates the policies, it controls which extensions users can install and which they won't be able to install.

While it is possible to switch to an unaffected channel or operating system, it is likely that this will impact extension developers who cannot host their extension in the official store significantly.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. steve said on August 9, 2014 at 2:39 pm
    Reply

    By no meanings Google owns extensions they are developed from user’s for user’s some sort of ! I think that google has no right to make such restrictions legally speaking. But Google restricts it only to google chrome browser which has built in monitoring recording and other user surveillance features ! So Google policy is if we can not control user they do not get any extensions for flavors of Chrome based browsers ! Someone should sue their sorry ass !!! They do not get enough information from user and want total control so NSA can real time record and monitor with it and they sell our data to others without asking user if they have user rights to do so !!! Google to close it down with user’s security improve claim – sort of ! Who believe this shit ? I don’t ! User’s will run away from google and they should ! EU would have encrypted search engines on territory of eu so google will loose their prime !

  2. Blue said on May 1, 2014 at 11:09 pm
    Reply

    It’s now May 1st, and the 3 of the 4 extensions I use that do not come from the Google store are still working fine. Hmm.. I have Developer mode turned on… one of my extension requires it to be turned on. Maybe that’s the reason most still work. The 4th one is an APK downloader for Android apps. That is the only one that stopped working.

    1. Martin Brinkmann said on May 1, 2014 at 11:15 pm
      Reply

      Which version of Chrome are you running?

  3. Dirtdawg said on March 8, 2014 at 4:34 am
    Reply

    Will other Chromuim based browsers be affected or just Google Chrome?

    1. Martin Brinkmann said on March 8, 2014 at 7:59 am
      Reply

      Just Google Chrome.

      1. Dirtdawg said on March 8, 2014 at 7:34 pm
        Reply

        Good, Thanks for the reply.

  4. Marlon Orozco Baños said on March 1, 2014 at 2:37 am
    Reply

    So, will Mozilla do the same? It appears that copying restrictions policies from Google is a thing for them now.

    1. Gonzo said on March 2, 2014 at 3:07 am
      Reply

      Unlike Google Chrome where only part of it (Chromium) is developed in the open, Firefox is fully developed in the open. This is why FF forks are potentially 100% compatible with Mozilla FF and Chromium forks are not. Chromium also lacks an official stable binary build for Windows.

      Mozilla would first have to close off parts of Firefox for such a move to have any real impact. There’s word that Mozilla is working on their own version of Flash similar to Pepper in Chrome. If they decide to follow Google down this filthy path this where they’ll start, imo. Then they can start playing gawd with Extensions.

  5. mtbink.com said on February 28, 2014 at 1:25 am
    Reply

    I hope Google will not remove side-loading feature of Android APK and force all Android APK must comes from Google Play Store “to improve the security for its users” :(

  6. Kneyfield said on February 27, 2014 at 9:32 pm
    Reply

    The control Google exerts over its Chrome users is now almost total. There’s nothing more to say.

  7. a2thec said on February 27, 2014 at 8:17 pm
    Reply

    What this all boils down to is, adblock, plain and simple. $$$

    1. Anonymous said on February 28, 2014 at 8:05 pm
      Reply

      How? Adblock is on the google extension page. This won’t remove it from Chrome.

  8. Xmetal said on February 27, 2014 at 8:06 pm
    Reply

    This seems to have been covered by a fast look at the comments but … “why not use Chromium” (other than testing my site, i dont use any Chrome-based browser for regular use) … In Linux there are a few distros that have “Google Chrome” and all of them that I have tried (on another great one Manjaro, as I type this) all use Chromium which is WHAT Google’s Chrome is based on anyway.

    This is the sort of reason (the Google wanting more personal info then other sites and wanting to control everything ) why i stopped using google search and dont have any google products installed on any of my machines

    -Xmetalfanx

  9. blue.bsod said on February 27, 2014 at 7:30 pm
    Reply

    I’m wondering why are they singling out Windows users instead of chopping them all off. When my computer is down, I use a Linux based machine (Ubuntu) and I set it up like my Windows one with Chrome / Chromium and all the extensions I use in Windows. There are a few extensions that don’t seem to work in Chromium so I used others that did a similar or better job like the simple pop-up blocker extension wouldn’t work properly in Chromium so I used “Safe Script”, which is basically like Firefox’s, “No Script”.

    To the extent of off Google added extensions. I often use the FVD downloader, which used to be in the store but no longer though oddly enough their own site refers to the store with the link to install it from there. Something about their extension violates several site policies so isn’t allow in the store. I got the CRX files from the author’s site. Also though I could use it in Ubuntu, I couldn’t use the newest version (5.6.5 and luckily I still had an older version saved 5.0.1). So really it is a mystery why Windows is being singled out seeing their main product runs in Windows. So are they removing their, “open source”, policy as well?

  10. devious said on February 27, 2014 at 4:46 pm
    Reply

    So what about browsers like coowon, coolnovo, comodo dragon etc does this apply to them too?
    Also what about tampermonkey and other script managers do you think they will be still of use seeing as they use userscripts which have been deemed unsafe?

  11. InterestedBystander said on February 27, 2014 at 3:50 pm
    Reply

    Isn’t this exactly what Microsoft does with Modern apps? And what Apple does for iOS apps? There are workarounds for both — eg, registry tweaks in Windows or jailbreaking iOS — but the issues seem the same: the corporation attempts to disallow installation of unvetted apps or browser extensions poses a security risk.

    In the broad sense, this dilemma has been around as long as PCs. Executables from untrusted sources are even more risky than untrusted apps and extensions, but control of that ecosystem has long passed from anyone’s control. Heck, the use of secure boot via uefi addresses exactly the same dilemma at the operating system level: it restricts choice of operating systems to those which are “approved” by the secure boot programming.

    So I see both sides. There is a real and fairly well-documented security risk that Microsoft, Apple, Google, Mozilla, (and others on the Linux side, with their approved-application repositories) are all trying to address. And this can excuse an authoritarian lock-down on user choices, which I dislike quite a lot.

    1. Martin Brinkmann said on February 27, 2014 at 3:53 pm
      Reply

      Well, most users will compare that to how Mozilla handles things, and not how apps are handled on iOS, Android or Windows platforms.

      1. InterestedBystander said on February 27, 2014 at 4:09 pm
        Reply

        Agreed! That’s the first-level comparison. And the one users will make. I’m intrigued by the dynamic between user choice and security risks as a high-level dilemma, though.

  12. Sylvio Haas said on February 27, 2014 at 3:09 pm
    Reply

    What will happen with security devices such as
    Norton Identity Safe toolbar and others alike?
    Thank you.

    1. Martin Brinkmann said on February 27, 2014 at 3:19 pm
      Reply

      If they are not added to store by their parent company, they will stop working.

      1. Sylvio Haas said on February 27, 2014 at 8:20 pm
        Reply

        Thank you.

  13. sades said on February 27, 2014 at 2:50 pm
    Reply

    Do no evil, just dystopian.

    lol google.

  14. nonqu said on February 27, 2014 at 2:07 pm
    Reply

    As if all the extensions hosted on Chrome Web Store were safe… This seems to be more of a PR move and control scheme than an actual attempt to make the browser more secure.

    Btw. Hadn’t Mozilla discussed doing the same? Those companies give the impression of wanting all their users to switch to some forks.

  15. Nebulus said on February 27, 2014 at 12:10 pm
    Reply

    This obsession for control that Google is pushing forward makes me sick. Also, this is the reason I will never ever use their “walled-garden”, privacy invading browser.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.