Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Starts Blocking Extensions Not In the Chrome Web Store

Posted by Soulskill on from the protecting-you-from-yourself dept.

An anonymous reader writes "Google has begun blocking local Chrome extensions to protect Windows users. This means that as of today, extensions can be installed in Chrome for Windows only if they're hosted on the Chrome Web Store. Furthermore, Google says extensions that were previously installed 'may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store.' The company didn't specify what exactly qualifies the "may" clause, though we expect it may make exceptions for certain popular extensions for a limited time. Google is asking developers to reach out to it if they run into problems or if they 'think an extension was disabled incorrectly.'"

1 of 225 comments (clear)

  1. Re:yeah whatever by verylargeprime · · Score: 5, Informative

    Nope. You're wrong.

    Browser hijacking is a major problem within Chrome and other browsers, and side-loaded extensions are by far the most common vector for hijacking. Firefox and IE have the same problem. Short of making extension APIs totally useless for developers, this is the best approach anyone's come up with. Third-party anti-malware vendors are unreliable in this regard because it's very difficult (with good and often sufficiently gnarly legal reasons) to get them to classify any given extension as clearly being malware. This gives Google a necessary choke-point through which to filter unsavory extensions.

    While you seem to believe this desire for control is driven by a nefarious, greedy plan to herd all the sheeple into a walled garden [diabolical laughter] with "plausible deniability," it's actually driven by a desire to not have users fucking hate Chrome because some dipshit is making millions of dollars injecting toolbars into browsers and sucking up volumes of sensitive and often personally identifiable information with no (or ill-begotten) user consent.

    Though I don't see it mentioned in either of the links, it should be noted that this constraint only affects Windows stable (and I believe beta) channels. If you want to run Windows Chrome and you know you can handle yourself without being hijacked, just run dev channel. It's usually pretty stable.

    Source: I'm a full-time Chrome developer at Google.