www. O S N E W S .com
News Features Interviews
BlogContact Editorials
Google to remove ability to sideload Chrome extensions
By Thom Holwerda on 2018-06-12 23:21:41

We strive to ensure choice and transparency for all Chrome users as they browse the web. Part of this choice is the ability to use the hundreds of thousands of extensions available in the Chrome Web Store to customize the browsing experience in useful and productivity-boosting ways. However, we continue to receive large volumes of complaints from users about unwanted extensions causing their Chrome experience to change unexpectedly - and the majority of these complaints are attributed to confusing or deceptive uses of inline installation on websites. As we've attempted to address this problem over the past few years, we've learned that the information displayed alongside extensions in the Chrome Web Store plays a critical role in ensuring that users can make informed decisions about whether to install an extension. When installed through the Chrome Web Store, extensions are significantly less likely to be uninstalled or cause user complaints, compared to extensions installed through inline installation.

Later this summer, inline installation will be retired on all platforms. Going forward, users will only be able to install extensions from within the Chrome Web Store, where they can view all information about an extension's functionality prior to installing.

Am I the only one who's assuming this will eventually allow Google to remove all adblockers from Chrome?

 Email a friend - Printer friendly - Related stories
Read Comments: 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-50 -- 51-60 -- 61-70 -- 71-73
RE[28]: Locking down the "open" browsers.
By Alfman on 2018-06-17 14:05:01

> That is why there is a list of Potentially Unwanted Applications/Program(PUA/PU P). Software that is double side goes on that list. This is where it comes down to skill of assessment and asking questions to work out if the program had a valid context reason for being there..

Yes I know all of this.

> Blacklisting only knows evil/bad perfectly. Whitelisting only know good perfectly. Whitelist and Blacklist process can generate a Greylist the Greylist requires human processing.

Well sure that's the intent, but it is imperfect due to both false positives and false negatives.

> Most people know what should be in a blacklist or a whitelist but when you ask them what should be in a greylist they don't have a clue also notice most spell checkers class greylist as a typo. Most only know of greylist used with mail servers and spam control. This is one of the big things that says people don't have a clue how to do assessment.

Everything should end up in 1 of three lists in assessment.
1) whitelist (clean can be ignored)
2) blacklist (know bad actions will have to be taken)
3) Graylist (human assessment required)

Just because it's been whitelisted doesn't mean it's clean. The reality is that many legit programs are often vulnerable in ways that aren't understood. These can become zero day exploits in the hands of hackers. If repair jobs ignore them because they're whitelisted, well then computers will remain vulnerable when they leave the shop.

Both whitelisting & blacklisting are fallible. Of course you do the best you can, but it's never going to be "perfect" in the way you suggest.

> http://www.bsa.org
You don't have to part of BSA looking for unlicensed software used they do in fact at times send machines with different defects to different repair shops to see if unlicensed software was used. So there is average stats on what repair shops successfully find and also what they repeatably fail to find. Not openly published because it kind of would be highly useful to those designing attacks.

So repair shops at random are rated. It would be better if it was not at random.

They're a copyright advocacy group, I don't see where they rate repair shops for malware detection, could you send a more specific link?

Edited 2018-06-17 14:11 UTC
Permalink - Score: 2
RE[6]: Locking down the "open" browsers.
By Alfman on 2018-06-17 14:25:11

> On android, I don't get a pop-up that offers to enable side-loading-- and even if I did, it would warn me that something nefarious is trying to happen.

The difference is that Chrome can still trick you into loading an application from a non-approved source. I'm OK with that being disabled.

I would like the option to manually enable side-loaded apps, however, even if it means going into chrome settings.

Yep, anyone who believes in sideloading being a choice (rather than being forced into a walled garden) should agree with that.
Permalink - Score: 2
RE[5]: Locking down the "open" browsers.
By zima on 2018-06-19 22:17:02
> I was a kid once and computers then had virtually no protections from user error. The computers did what you asked whether it was dangerous or not.
They were also much less useful back then; and for example you probably wouldn't want to do online banking with them...
Permalink - Score: 2

Read Comments 1-10 -- 11-20 -- 21-30 -- 31-40 -- 41-50 -- 51-60 -- 61-70 -- 71-73

No new comments are allowed for stories older than 10 days.
This story is now archived.

News Features Interviews
BlogContact Editorials
WAP site - RSS feed
© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.
Prefer the desktop version of OSNews?