Google blocks Chrome extension installations from third-party sites to combat abuse

Doris Richards
June 13, 2018

Even if users click on a link elsewhere on the internet, they'll still be redirected to the Chrome Web Store - no more instant install from developers' or random websites.

Starting today, inline installation will be unavailable to all newly published extensions.

Until now, this has been possible because the inline installation process allowed developers to create extensions, have the extensions hosted on the official Chrome Web Store, but allow users to install the extensions just by clicking a button on a third-party website without the user ever visiting the extension's Chrome Web Store page.

In contrast, Google has found that installations from the Chrome Web Store that feature ample information like descriptions, screenshots, reviews, and support results in "significantly less" user complaints and uninstalls.

However, extensions can often modify the experience in ways that an average user may not be able to comprehend or predict. Google mentions on its Chromium blog that they have been receiving large volumes of complaints from users about unwanted extensions causing undesirable changes in the user experience, with the biggest culprit being extensions available through inline installation on websites.

The decision, which will be implemented in stages, follows a series of complaints in recent years about malicious extensions distributed through the Chrome Web Store and via malware.


First, as of Tuesday, new extensions can't be installed inline. Newly published code that makes use of the chrome.webstore.install () function will present a Chrome Web Store tab to carry out the installation instead of triggering that action directly.

September 12, 2018: inline installation will be disabled for existing extensions, and users will be automatically redirected to the Chrome Web Store to complete the installation. "At the same time, it's crucial that users have robust information about extensions prior to installation, so that they fully understand how their browsing experience will be impacted".

The company and its users experienced wave after wave of issues with malicious or deceptive Chrome extensions.

And in early December, 2018, the inline installation API will be removed from Chrome 71. You can also opt to use Google Chrome's install badge for greater visibility.

To combat the issue in the past year, Google has introduced new polices, like banning cryptocurrency mining, and applying machine learning to counter deceptive extension installations.

Other reports by Iphone Fresh

Discuss This Article

FOLLOW OUR NEWSPAPER