Google has announced it will no longer allow installing Chrome browser extensions in Windows unless they come from the Chrome Web Store. The new policy goes into effect starting January for the stable and beta channels, meaning the change will mostly affect end users and not developers or Enterprises running local extensions.
For those who are unaware, extensions are small applications that extend a browser's functionality. You can use an extension to quickly post to social networks, get email notifications, manage passwords and so on.
Erik Kay, Engineering Director at Google, said that the existing security mechanism is being abused as extensions are getting installed silently without any prompt. These malicious extensions are then able to do things like altering browser settings, replace the new tab page without approval, etc. He cited numerous complaints that the company has been getting from Windows Chrome users, in support of this decision.
As far as extension developers are concerned, they can easily migrate their applications to the Chrome Web Store. The migration process will have no impact on users, who should be able to continue using extensions without noticing the change, if the developer follows through of course. A point worth noting here is that Google will require extension developers to shell out a one time $5 registration fee and a 5% cut on each transaction done through Chrome Web Store Payments, the built-in payment system.
This is the latest of several security-oriented moves for Chrome. Recently, the company added a Reset browser settings button that lets users go back to the original browser settings should they notice any strange behavior.