Google has taken the first steps in changing how Chrome users find and install extensions: Beginning today Chrome will phase out inline extension installs and push users to the Chrome Web Store instead.
Chrome users who have been to a website that prompts them to install an extension are familiar with the inline installation process, which uses a Chrome API to prompt the browser to download and install extensions.
Google said that it has received a large volume of complaints from Chrome users concerned about changes to their browser, the most common of which were deceptively installed inline extensions. When examining ways to improve the inline installation process Google said that it realized inline installs lack transparency that should be a part of any software installation.
To that end, Google has decided that all Chrome extensions should come from the Chrome Web Store, where users «can make informed decisions about whether to install an extension.»
Inline installation phase out timeline
As of June 12, 2018, new extensions were unable to access the Chrome Web Store call function that would allow them to launch an inline install. The function instead redirects users to the Chrome Web Store so they can take a look at the extension before choosing to install it.
On September 12, 2018, inline installation will be disabled for existing extensions as well. Those extensions will behave just like new ones do, redirecting users to the Chrome Web Store.
SEE: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness (Tech Pro Research)
The inline install API will finally be removed from Chrome starting in version 71, which is due out for release in December 2018.
How this change affects developers
Websites that deliver extensions via inline installation will have until the release of Chrome 71 to change install buttons on the site to link to the Chrome Web Store page for the extension.
Google also recommends taking a look at tips for developing a good Chrome Web Store page to ensure users aren’t dissuaded from installing your extension, and adding a Chrome Web Store badge to give an air of legitimacy to an extension’s website.
Hopefully this change will improve Chrome security, but it’s worth taking note of the security of other Google app delivery platforms like the Play Store, which is known for its malware-laden apps.
If Google takes the same laissez-faire attitude to Chrome Web Store security that it takes with Google Play it will still be important to double check the security of an extension before installing it.
The big takeaways for tech leaders:
- Google is phasing out inline installation of Chrome extensions and will soon redirect all inline install requests to the Chrome Web Store.
- Developers who rely on inline installation need to modify their installation button to stop using the inline install API and instead direct users to the Chrome Web Store page for the extension.