Back in January I posted about Chrome 25 and it’s new extension security feature. This version of Chrome removed the ‘auto-install’ feature. If you run Chrome on a Windows system you may already know that Chrome is designed to allow unseen installs to allow users to opt-in to adding a useful extension to Chrome as a part of the installation of another application.
This meant some 3rd-party developers have silently installed extensions into Chrome without proper acknowledgement from users. Chrome version 25 presented the user with two options (similar to what Windows did with Vista User Account Control), prior to installing a extension – ‘Enable extension’ or ‘Remove from Chrome’.
Quite a few Chrome extensions are still not hosted on the Chrome Web Store, so it’s difficult for Google to protect it’s users from malicious extensions. Google earlier this month announced that was going to increase the protection it offered Windows users. Starting in January 2014 on the Windows stable and beta channels, Google will require all extensions to be hosted in the Chrome Web Store. Google is advising developers to migrate their extensions as soon as possible.
If you are a developer and have questions, then you should get in touch with the Chromium extensions group.
TIP: Don’t sign in to Chrome if you are using a PUBLIC or UNTRUSTED computer or mobile device. A copy (cache) of your data will be stored on that computer or mobile device and may be accessed by other people. You can control this and more here: http://www.google.com/dashboard
For further information about the security improvements to the Google Chrome browser.
Safe surfing folks!