Google Removes Inline Installation of Chrome Extensions
13.6.18 securityweek Crime
Google this week detailed plans to completely remove the inline installation of Chrome extensions from its web browser by the end of the year.
Introduced in 2011, inline installation was meant to make it easier for users to add extensions to the browser by installing them directly from the developer’s website instead of having to go to the Chrome Web Store.
Starting this Tuesday, June 12, inline installation is no longer available for newly published extensions. This fall, however, the change will also affect existing extensions, Google says.
“Extensions first published on June 12, 18 or later that attempt to call the chrome.webstore.install() function will automatically redirect the user to the Chrome Web Store in a new tab to complete the installation,” James Wagner, Extensions Platform Product Manager at Google, explains.
The next stage will enter into effect on September 12, 18. Starting that day, inline installation will be disabled for existing extensions, meaning that all users will be automatically redirected to the Chrome Web Store in order to complete installations.
The final nail in the coffin, however, will be put in early December 18, when Chrome 71 arrives. That browser release, the search company says, will be stripped of the inline install API method.
“Later this summer, inline installation will be retired on all platforms. Going forward, users will only be able to install extensions from within the Chrome Web Store, where they can view all information about an extension’s functionality prior to installing,” Wagner revealed.
According to Google, the removal of inline installation of extensions would add more transparency for Chrome users. Many of these users, the company claims, complain about unwanted extensions on their browser, with most of the complaints referring to “confusing or deceptive uses of inline installation on websites.”
To eliminate the issue, the search provider says, users will be redirected to the Chrome Web Store instead, where detailed information on what’s being installed is available. Thus, users will “fully understand how their browsing experience will be impacted.”
Developers with extensions that use inline installation need to update the install buttons on their website to link to the extension’s Chrome Web Store page prior to the stable release of Chrome 71.
Several years ago, Google disabled the inline installations for Chrome extensions for developers who used deceptive tactics to trick users into installing their products.
Over the past several years, millions of Chrome users were impacted by malicious extensions published to the Chrome Web Store. Some of these applications could lead to the injection and execution of arbitrary JavaScript code, while others were hijacked to display potentially malicious ads and steal user credentials.