Chrome Stops 'Silent' Plug-In Installs
CREDIT: Evgeny Korshenkov/Shutterstock.com
In an effort to increase users' security, Google no longer will allow extensions for its Chrome Web browser to be installed without the user's knowledge. The company also said it will make changes to how plug-ins in its official store are vetted, in order to mitigate the number of malicious apps that make it past Google's monitors.
"Extensions can sometimes influence Chrome’s functionality and performance," the company wrote in a blog post. "Many users have installed extensions from the Chrome Web Store, but some users have extensions that were silently installed without their knowledge."
The "silent" install feature, which affects only Windows machines, was intended to allow users to conveniently opt in to plug-ins that complemented another application. However, since "this feature has been widely abused by third parties," Google decided to kill it in its latest Chrome update. Thus, with Chrome 25, users will be prompted before any complementary plug-ins attempt to install themselves in conjunction with another app.
Google's changes also extend to how extensions from third-party sites are installed. In the past, any site could prompt a user to download a plug-in, but again Google has reined in the process to prevent abuses and will require all plug-ins that don't come from the official store to be added via the Extensions page.
"Online hackers may create websites that automatically trigger the installation of malicious extensions," Google wrote in a the Chrome help section. "Their extensions are often designed to secretly track the information you enter on the Web, which the hackers can then reuse for other, ill-intended purposes."