Google announced today that long-standing plans to unify the distribution of Chrome extensions for Windows users under its own Chrome Web Store have come to fruition, locking out extensions being distributed elsewhere on the web.
Writing in an official blog post Google engineering director Erik Kay said that malicious extensions are a danger to Chrome users on Windows.
+ALSO ON NETWORK WORLD: Sophos adds file-level encryption to mobile security software | Can Digital Rights Management and the Open Web Coexist? +
“Malware can change how browsers work by silently installing extensions on your machine that do things like inject ads or track your browsing activity. If you notice strange ads, broken web pages or sluggish browsing after installing some new software or plugins, you could be affected,” he said.
All extensions for Windows users will now be managed and distributed via the Chrome Web Store, with the object of providing an additional security layer between users and potentially harmful software.
Chrome extensions have long been a target for online crooks, who have hijacked legitimate extensions and created their own malicious ones. A bad extension can do a lot to affect a Chrome user’s experience, like redirecting links and spamming pop-up ads.
A January report from Ars Technica highlighted the fact that it’s often tricky to see malicious extensions coming, particularly if bad actors simply purchase existing, legitimate software. Chrome’s automatic updating features mean that unwanted ad services and redirects can slip silently into victims’ browsers.
Google noted that exceptions to the new policy will be made for developers, as well as for businesses that use pre-set policies to distribute extensions. Users of Chrome on other platforms will be unaffected by the changes.
Email Jon Gold at email@example.com and follow him on Twitter at @NWWJonGold.