With Google taking security seriously, Google has made changes in its popular browser, the Google Chrome, on how an extension can be installed. Previously, if an extension wasn’t hosted on Chrome Web Store, but on some developer’s or rather hacker’s website, the page would just prompt you to install that particular extension and the user could authorize the installation by just clicking a button while not knowing the consequences. This process is now removed or just made tougher. Now, if the user wants to add an extension to his chrome browser, he has to explicitly instruct Chrome by adding through the Extensions page
You may wonder why? Well, there are tons of malicious extensions out there, and the numbers are increasing day by day. Some of them even have the ability to spy on the user and send back the data to attacker. Google has already been closely monitoring Google Web Store for such malicious extensions, however, they have no control over extensions that are hosted anywhere else on the web. The new update prevents any website from triggering an unauthorized extension installation, hence making Chrome safer than ever.
If ever you have downloaded an extension from a trusted site and wish to install it to your Chrome browser, it is still possible to install by following the steps below:
1. Download the extension file from the website and save it to your computer.
2. Click the wrench icon on the browser toolbar.
3. Select Tools > Extensions.
4. Locate the extension file on your computer and drag the file onto the Extensions page.
5. Review the list of permissions in the dialog that appears. If you would like to proceed, click Install.
For developers who are currently hosting extensions coded by them on their own servers can consider hosting it on Chrome Web Store. Developers can also use inline install so that visitors can install the extension directly without even leaving developer’s site, which is a great alternative while saving server resources too.