Google adds another obstacle for developers of deceptive Chrome extensions
Starting on September 3, Google will begin disabling inline installation (i.e. installation from the developer’s website) for extensions linked to deceptive sites and ads.
This is the latest in a string of moves made by the company to address the problem of unwanted extensions being flung at unsuspecting users.
“Inline installation was introduced in 2011 as a way for users to seamlessly install extensions from developers’ websites. Unfortunately, this mechanism has been abused by deceptive sites and ads that trick users into installing unwanted extensions,” Andrew Kim and Ben Ackerman of the Chrome Policy and Anti-Abuse Team explained.
They estimate that less than 0.2 percent will be affected by this change.
If a user attempts to download a deceptive extension from a developer’s site, they will be redirected to the extension’s page in the Chrome Web Store. He or she will still be able to download the extension, but now they will have a chance to review what it does and what permissions it asks for before they install it.