We’re always working to improve Chrome extensions while keeping our users as safe as possible. In May 2014 we announced a new policy to protect Windows users by enforcing that extensions be hosted on the Chrome Web Store. The results were encouraging: we saw a 75% drop in customer support help requests for uninstalling unwanted extensions. Consequently, we will expand the reach of this protection to all Windows and Mac users in the coming months.
We originally did not enforce this policy on the Windows developer channel in order to allow developers to opt out. Unfortunately, we’ve since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions. Affected users are left with malicious extensions running on a Chrome channel they did not choose. As such, starting today we will begin enforcing this policy on all Windows channels. Mac will soon follow, with enforcement for all channels beginning in July 2015.
For developers, we’ll continue to support local extension installs during development as well as installs via Enterprise policy. To provide an integrated install flow from your own website, you can make use of the existing inline installation feature. If you run into problems or think an extension was disabled incorrectly, please reach out to us in our support forums. If you’ve developed an extension not yet in the Chrome Web Store, we encourage you to submit it today.
The extension platform unlocks powerful features that can help users get the most out of Chrome. However, it is crucial that our users stay safe from the reaches of malicious software developers. Extending this protection is one more step to ensure that users of Chrome can enjoy all the web has to offer without the need to worry as they browse.
Posted by Jake Leichtling, Extensions Platform Product Manager
Source: Chromium Blog: Continuing to protect Chrome users from malicious extensions