Google expands non-Store extension installation policy to all Windows channels

Martin Brinkmann
May 14, 2015
Updated • May 14, 2015
Google Chrome

Google announced today that it made the decision to expand its non-Store extension installation policy to all Windows versions of the Chrome browser.

The company started to enforce the policy back in May 2014 for Chrome Stable and Beta on Windows but not on the Developer and Canary channels.

Back then, users on the stable or beta channel received notifications that unsupported extensions were disabled which meant that the browser had disabled all extensions not installed from the Chrome Web Store on launch.

While Google noticed a 75% drop in customer support help requests regarding uninstalling unwanted extensions afterwards from users of those channels, it did notice that malicious software forced "users into the developer channel in order to install unwanted off-store extensions".

That's the main reason why the company is expanding the off-store policy to all Windows channels and to Mac systems in July 2015.

suspicious extension disabled

It is rather interesting that Google believes that malicious extensions forced users to move to developer channels of the browser and not the company's policy that blocked off-store extensions from being installed to stable or beta channels of the browser.

It appears likely that at least some of those Chrome users moved to developer or canary channels of the browser to continue using extensions that are not offered in store.

How to install off-store extensions in Chrome

chrome off-store extensions

There are still two methods to install extensions in Google Chrome that are not hosted on the official store or provided as a direct Chrome extensions file:

  1. Using Enterprise policies. Designed for enterprise environments, it allows administrators to deploy Chrome extensions using Group Policies or master_preferences. Check out our guide on installing the Chrome policies on Windows.
  2. Installation as local extensions which is mainly designed for developers of Chrome extensions. The method is not complicated but it requires some work on the user's part. Basically, you need to have the Chrome extensions file with the extension crx on your system already. Extract it using a program like Bandizip or 7-Zip, and open chrome://extensions afterwards. Check the "Developer Mode" box at the top of the page and click "load unpacked extension" afterwards. Browse to the folder that you have extracted the extension to and select it to load the extension in Chrome.

Another option that Chrome users have is to migrate to the Chromium browser or another third-party browser based on Chromium that don't enforce the policy.

The move locks down extensions even more than before. While the move will have an impact on the distribution of malicious extensions on those channels, it is giving Google more control.

The option to install extensions that are not hosted on the web store is not removed from the browser but the process is not as straight forward as clicking on two buttons anymore. Chrome users who want to install off-store extensions can still do so.

The move won't protect users fully from malicious extensions though. Recently, sites dropped malicious extensions on users that were uploaded to the Web Store.

Now You: Are you affected by the move? What's your take on it?


Google expands non-Store extension installation policy to all Windows channels
Article Name
Google expands non-Store extension installation policy to all Windows channels
Google announced that it will expand its off-store Chrome extensions installation policy to all Windows and Mac channels of the browser.

Previous Post: «
Next Post: «


  1. ryan said on May 16, 2015 at 8:44 am

    THANK YOU for this article. I installed canary specifically to keep an “off store” app running in chrome and then they decide to auto disable them in canary too! Really, fuck google on this issue. The work around described here works perfectly, however, so thank you, Martin.

  2. Rook said on May 15, 2015 at 6:01 pm

    Guess no more youtube center. That method to load extensions worked, but does it require you to enable the extension again EVERY TIME you boot chrome, like the stable channel does?

    1. Martin Brinkmann said on May 15, 2015 at 6:17 pm

      No they remain enabled but you do receive a prompt when you start Chrome.

  3. nonqu said on May 14, 2015 at 7:04 pm

    Opera is a good alternative for people that want to use non-official add-ons such as All Mangas Reader. This is what made me even give Opera a try and it turned out to be surprisingly good. Not good enough to be the first choice browser yet, but if Mozilla keeps making Firefox worse it’s good to have a valid alternative.

  4. ohwell said on May 14, 2015 at 1:32 pm

    Not using chrome, nor will I ever be, but hope that vivaldi won’t enforce this idiocy ever.

  5. mike said on May 14, 2015 at 12:10 pm

    I was on Canary until recently. I use the now-discontinued Chromoji iOS emoji display extension (which is still by far the best) installed via the .crx file. Don’t know if it’ll be automatically removed. Bookmarking this article just in case. Can always switch to Canary, of course.

  6. Rocky said on May 14, 2015 at 10:44 am

    Not sure I can see any problem with this – anybody with a little tech knowledge (those who are most likely to install extensions in any case ) can still install via the zip and install in developer mode. For those who are “click anything that looks nice” they are now less likely to install malicious extensions.

    1. Nebulus said on May 14, 2015 at 8:03 pm

      There is a big problem: it is not Google’s problem what I install on MY device. As for developer mode, Lifehacker mentions this about extensions: “They’ll be disabled every time you restart unless[…]” you use the Group Policies. So this is far from what a normal use of some software facility is, IMO…

      Also, even if a small part of the users are knowledgeable enough to sideload extensions, the vast majority of users are not. This means that any extension project that will require this cumbersome way of loading will probably be dead in a few month. So basically Google gets to decide what projects should survive or not… I call this a problem.

      1. Nebulus said on May 15, 2015 at 12:11 am

        I agree that a lot of people don’t exactly know what they are doing when it comes to installing extensions, but that doesn’t mean that Google should limit everyone else’s choice as well. This is just wrong.

      2. Rocky said on May 14, 2015 at 9:15 pm

        “…….the vast majority are not..” . That is my point , the vast majority are point and click, and may not consider what it is they are installing – if it looks nice ! install it .

  7. Nebulus said on May 14, 2015 at 10:25 am

    “Google believes that malicious extensions forced users to move to developer channels of the browser” – the people at Google are living in a different reality than the rest of us…

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.