Chrome Will Block Installing Extensions Outside Its Web Store
Once upon a time, OK not so long ago, browsers such as Chrome and Firefox fought for supremacy over browser extensions. That war has seemingly simmered down but the remnants threaten the security of at least one of them. Chrome browser extensions have, unfortunately, been one of the major sources of malware for its users. Now Google is stepping in and will tighten security by soon preventing extensions from being installed from outside its own Chrome Web Store.
The situation largely mirrors the case of Android. While the Play Store is the sanctioned and guaranteed safe source of apps, users can still install apps from other sources, whether from OEMs' own app marketplaces or APKs floating around the Internet. But while Google can't do much about that convention on Android, it is putting its foot down on Chrome.
Google explains that majority of the complaints about the quality and security of Chrome extensions can be blamed on inline installations. That is, extensions that are installed from websites other than the Chrome Web Store and are, therefore, not vetted by reviews, descriptions, and the like. Soon, Chrome will no longer allow such extensions but it's not going to happen all at once to give legit extension developers time to move their software to the Web Store.
So here is how it will all go down. New extensions published starting today will no longer be able to call on inline installation and will, instead, redirect to the Chrome Web Store. Starting 12th September, that will be the case even for older extensions. Then when Chrome 71 rolls around, the API for inline install will be removed completely. Moving forward, all Chrome extensions can only be installed
That last bit is important if you want to get maximum protection, as it will be the only version of Chrome that won't work with inline install no matter what. That said, users should also note that, like on Google Play Store, the Chrome Web Store has had its fair share of malware-bearing fake extensions masquerading as legit ones.