Connect with us

Hi, what are you looking for?


Malware & Threats

Google Removes Inline Installation of Chrome Extensions

Google this week detailed plans to completely remove the inline installation of Chrome extensions from its web browser by the end of the year.

Google this week detailed plans to completely remove the inline installation of Chrome extensions from its web browser by the end of the year.

Introduced in 2011, inline installation was meant to make it easier for users to add extensions to the browser by installing them directly from the developer’s website instead of having to go to the Chrome Web Store.

Starting this Tuesday, June 12, inline installation is no longer available for newly published extensions. This fall, however, the change will also affect existing extensions, Google says.

“Extensions first published on June 12, 2018 or later that attempt to call the chrome.webstore.install() function will automatically redirect the user to the Chrome Web Store in a new tab to complete the installation,” James Wagner, Extensions Platform Product Manager at Google, explains.

The next stage will enter into effect on September 12, 2018. Starting that day, inline installation will be disabled for existing extensions, meaning that all users will be automatically redirected to the Chrome Web Store in order to complete installations.

The final nail in the coffin, however, will be put in early December 2018, when Chrome 71 arrives. That browser release, the search company says, will be stripped of the inline install API method.

“Later this summer, inline installation will be retired on all platforms. Going forward, users will only be able to install extensions from within the Chrome Web Store, where they can view all information about an extension’s functionality prior to installing,” Wagner revealed.

Advertisement. Scroll to continue reading.

According to Google, the removal of inline installation of extensions would add more transparency for Chrome users. Many of these users, the company claims, complain about unwanted extensions on their browser, with most of the complaints referring to “confusing or deceptive uses of inline installation on websites.”

To eliminate the issue, the search provider says, users will be redirected to the Chrome Web Store instead, where detailed information on what’s being installed is available. Thus, users will “fully understand how their browsing experience will be impacted.”

Developers with extensions that use inline installation need to update the install buttons on their website to link to the extension’s Chrome Web Store page prior to the stable release of Chrome 71.

Several years ago, Google disabled the inline installations for Chrome extensions for developers who used deceptive tactics to trick users into installing their products.

Over the past several years, millions of Chrome users were impacted by malicious extensions published to the Chrome Web Store. Some of these applications could lead to the injection and execution of arbitrary JavaScript code, while others were hijacked to display potentially malicious ads and steal user credentials.

Related: Google Bans Crypto-Mining Chrome Extensions

Related: Half Million Impacted by Four Malicious Chrome Extensions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.