Google expands non-Store extension installation policy to all Windows channels

Google announced today that it made the decision to expand its non-Store extension installation policy to all Windows versions of the Chrome browser.

The company started to enforce the policy back in May 2014 for Chrome Stable and Beta on Windows but not on the Developer and Canary channels.

Back then, users on the stable or beta channel received notifications that unsupported extensions were disabled which meant that the browser had disabled all extensions not installed from the Chrome Web Store on launch.

While Google noticed a 75% drop in customer support help requests regarding uninstalling unwanted extensions afterwards from users of those channels, it did notice that malicious software forced "users into the developer channel in order to install unwanted off-store extensions".

That's the main reason why the company is expanding the off-store policy to all Windows channels and to Mac systems in July 2015.

It is rather interesting that Google believes that malicious extensions forced users to move to developer channels of the browser and not the company's policy that blocked off-store extensions from being installed to stable or beta channels of the browser.

It appears likely that at least some of those Chrome users moved to developer or canary channels of the browser to continue using extensions that are not offered in store.

How to install off-store extensions in Chrome

There are still two methods to install extensions in Google Chrome that are not hosted on the official store or provided as a direct Chrome extensions file:

1. Using Enterprise policies. Designed for enterprise environments, it allows administrators to deploy Chrome extensions using Group Policies or master_preferences. Check out our guide on installing the Chrome policies on Windows.
2. Installation as local extensions which is mainly designed for developers of Chrome extensions. The method is not complicated but it requires some work on the user's part. Basically, you need to have the Chrome extensions file with the extension crx on your system already. Extract it using a program like Bandizip or 7-Zip, and open chrome://extensions afterwards. Check the "Developer Mode" box at the top of the page and click "load unpacked extension" afterwards. Browse to the folder that you have extracted the extension to and select it to load the extension in Chrome.

Another option that Chrome users have is to migrate to the Chromium browser or another third-party browser based on Chromium that don't enforce the policy.

The move locks down extensions even more than before. While the move will have an impact on the distribution of malicious extensions on those channels, it is giving Google more control.

The option to install extensions that are not hosted on the web store is not removed from the browser but the process is not as straight forward as clicking on two buttons anymore. Chrome users who want to install off-store extensions can still do so.

The move won't protect users fully from malicious extensions though. Recently, sites dropped malicious extensions on users that were uploaded to the Web Store.

Now You: Are you affected by the move? What's your take on it?