Google’s Chrome browser will soon crack down on sneaky installation of extensions. In a blog post, Google has confirmed that the external extension deployment will be disabled by default. This will actually shut off a major security loop-hole in the Chrome browser. Currently, third-party developers can actually install hidden extension to Chrome, without the user’s knowledge.
This happens because Chrome uses Windows registry mechanism for extension deployment. This can be used by software developers to install hidden extensions directly into the browser. So once Chrome’s version 25 is deployed, users will possibly a prompt to review the extensions being installed.
It will also show a prompt every time a extensions which are not from the Chrome webstore is being installed.
Is Chrome a year late?
This update to Chrome is actually surprisingly late. Currently we are on version 23 so it should a while before Chrome 25 is rolled out. Mozilla had announced something similar almost a year ago. But then Mozilla had also faced a major issue thanks to Microsoft pushing its Skype toolbar.
The toolbar caused many browser crashes for Firefox users. Mozilla finally added the Skype toolbar into the official Firefox block list. A few months later Firefox by default stopped allowing silent installations of add-ons. That was back in August 2011, so it seems Chrome is almost a year and half late.
Well its better late than never. Do drop in your comments.