Google blocks Chrome extensions from third party servers
Future versions of Google's Chrome web browser will block the installation of extensions, apps and user scripts hosted on third party servers. According to a page on the Chrome Web Store Help site, developers will in future have to submit their extensions for inclusion in the Chrome Web Store, where Google will check all files for malicious functionality.
Until now, developers have been able to host Chrome extensions on their own servers. This had the advantage that updates could be made available for installation immediately after uploading; also developers did not have to adhere to Google's terms and conditions for using the Chrome Web Store. However, Google says this capability was increasingly being used by fraudsters to spread malicious extensions able to perform functions such as stealing data entered on web pages. This meant that the company was not in a position to easily block these malicious extensions.
The latest stable version of Chrome, 20.0.1132.57, still allows the installation of extensions hosted by third parties, but this is likely to change with the next update. Version 21.0.1180.41, currently in beta, blocks installation of third party extensions and points users in the direction of the Chrome Web Store. Even after downloading a third party extension, we were not able to install it on this version.
Google offers an inline installation option for developers who do not want to send their users to the Chrome Web Store; this allows installation of an extension that is hosted in the Chrome Web Store to be initiated from an external web site.