Establishing Digital Trust: Don't Sacrifice Security for Convenience
Google product manager Peter Ludwig recently announced that the upcoming Chrome 25 for Windows will prevent the installation of browser extensions without user approval.
"Until now, it has been possible to silently install extensions into Chrome on Windows using the Windows registry mechanism for extension deployment," Ludwig writes. "This feature was originally intended to allow users to opt-in to adding a useful extension to Chrome as a part of the installation of another application. Unfortunately, this feature has been widely abused by third parties to silently install extensions into Chrome without proper acknowledgment from users."
"In order to prevent this type of abuse, starting with Chrome 25, the browser will automatically disable all previously installed 'external' extensions and will present users with a one-time dialog box to choose which ones they want to re-enable. ... Mozilla implemented a very similar mechanism over a year ago in Firefox to prevent extensions installed offline by other programs from being enabled without user confirmation," writes PCWorld's Lucian Constantin.
"Google recommends that Windows developers use their inline installation mechanism for adding extensions in the future," The H Open reports. "This allows extensions to be served from Google's Chrome Web Store in the background while appearing to be installed from the extension developer's web site."