Google engineering director Erik Kay announced the strategy shift in a post on the Chromium blog, confirming that the move is designed to protect businesses from the growing number of malicious Chrome extensions targeting Microsoft Windows.
Kay said that extensions are a useful way to expand the capabilites of Chrome, but many Windows users have alerted Google to the fact that these are being misused.
"Bad actors have abused this mechanism, bypassing the [install] prompt to silently install malicious extensions that override browser settings and alter the user experience in undesired ways, such as replacing the New Tab Page without approval," read the post.
"Since these malicious extensions are not hosted on the Chrome Web Store, it's difficult to limit the damage they can cause to our users. As part of our continuing security efforts, we're announcing a stronger measure to protect Windows users: starting in January on the Windows stable and beta channels, we'll require all extensions to be hosted in the Chrome Web Store."
Kay said businesses using extensions outside the store should begin migrating them now. "If your extensions are currently hosted outside the Chrome Web Store you should migrate them as soon as possible. There will be no impact to your users, who will still be able to use your extension as if nothing changed," read the post.
"You could keep the extensions hidden from the Web Store listings if you like. And if you have a dedicated installation flow from your own website, you can make use of the existing inline installs feature."
Google has been working to improve the security of its Chrome web browser for several years now. The firm pledged to issue Chrome web browser security patches for Windows XP until at least 2015, a year after Microsoft officially ends support for the operating system.
No comments:
Post a Comment