[QUOTE]
Google today began blocking local Chrome extensions with the aim of protecting Windows users against the secret installation of unwanted extensions by malware.
Google had previously announced it would be making changes in order to make it more difficult for malware to install unwanted Chrome extensions without the user’s knowledge.
While many services bundle useful companion extensions which can be installed following a prompt, said Google, some agents have designed extensions to bypass the prompt in order to silently install malicious extensions that override browser settings.
"From now on, to protect Windows users from this kind of attack, extensions can be installed only if they're hosted on the Chrome Web Store," said Google in a blog post. [B]"With this change, extensions that were previously installed may be automatically disabled and cannot be re-enabled or re-installed until they're hosted in the Chrome Web Store."[/B]
Google said it would continue to support local extension installs during development as well as installs via Enterprise policy. The company also said that Windows developer channel users, along with users on other operating systems, will be unaffected by the changes.
In December Google announced it had updated its Chrome Web Store policy, banning multi-purpose Chrome extensions. The company stipulated that extensions in the Chrome Web Store must have a single purpose that “is narrow and easy to understand”.
Google also revealed this week that the Chrome Web Store would no longer show Netscape Plugin API (NPAPI)-based apps and extensions on its home page, search results, and category pages.
The company first said late last year that it would begin to phase out all plugins, apps, and extensions that make use of NPAPI in order to improve Chrome’s security, speed, and stability, while also reducing the complexity of the code base.
Google said it was still in the process of helping still-popular NPANPI plugins such as Silverlight, Google Earth, Google Talk, and Java, migrate to open-web-based alternatives.
"Most use cases that previously required NPAPI are now supported by JavaScript-based open web technologies. For the few applications that need low-level APIs, threads, and machine-optimized code, Native Client offers the ability to run sandboxed native code in Chrome," said Google in a blog post.[/QUOTE]
[url]http://www.zdnet.com/google-blocks-l...ns-7000029915/[/url]
I just got hit with this today as several of my extensions were disabled with no way to re-enable them, good thing I primarily use firefox. Slightly old, from May 27th; but it is still fairly recent.
And they were disabled in the beta a week earlier, seriously.
You can counter this by loading the unpacked extension in developer mode.
The only downside to this method is that it prompts you with a security warning each time you launch Chrome.
[QUOTE=LittleBabyman;45072609]And they were disabled in the beta a week earlier, seriously.[/QUOTE]
[url]http://www.chromium.org/getting-involved/dev-channel[/url]
get the dev channel
Oh no, Chrome does something to protect the majority of their user base from malware!
Is it possible to disable updates? I only use Chrome for my edited Mediahint extension with autoupdates disabled so I can watch American Netflix, if Chrome updates and disables that I'm fucked
[QUOTE=deadeye536;45072655]Oh no, Chrome does something to protect the majority of their user base from malware![/QUOTE]
I'm assuming you're being sarcastic, and while it may be half way true that it's a security measure it's also a pain in the ass for most people. I don't think any of the extensions I have installed are present in the chrome web store, which means most, if not all, of my extensions will forcefully be disabled which sucks.
some people may like being protected like this, but it's important to keep the ability to let people download "unofficial" stuff without being annoyed by prompts or having it outright taken from them. some people know what they're doing!
lol
chrome
I can see google bringing this to android and disabling non-market app installs.
you can thank soccer moms and other computer retarded mongoloids for this "feature"
If you care about things like this you shouldn't be using Chrome in the first place
[QUOTE=PredGD;45072676]I'm assuming you're being sarcastic, and while it may be half way true that it's a security measure it's also a pain in the ass for most people. I don't think any of the extensions I have installed are present in the chrome web store, which means most, if not all, of my extensions will forcefully be disabled which sucks.
some people may like being protected like this, but it's important to keep the ability to let people download "unofficial" stuff without being annoyed by prompts or having it outright taken from them. some people know what they're doing![/QUOTE]
Most extensions that aren't published through the Chrome App Store are userscripts, and can be installed using TamperMonkey, which is a painless process. If the extension is a .crx, then you can still install it through chrome://extensions by unzipping the files once.
This benefits the wide majority of users with only a small side effect for power users. I'd say it's an overall good change.
I think this is a good change in regards to malicious extensions
[QUOTE=deadeye536;45072728]Most extensions that aren't published through the Chrome App Store are userscripts, and can be installed using TamperMonkey, which is a painless process. If the extension is a .crx, then you can still install it through chrome://extensions by unzipping the files once.
This benefits the wide majority of users with only a small side effect for power users. I'd say it's an overall good change.[/QUOTE]
wouldn't it be better to enable it by default, and for those who don't want their extensions forcefully disabled can disable this "security" feature as they want?
personally, I feel everything that is forced upon the user will always be a step backwards. I'm all for security, but at least make it optional.
Well, time to start using [url=http://ultronbrowser.info/]Google Ultron[/url]
[QUOTE=PredGD;45072763]wouldn't it be better to enable it by default, and for those who don't want their extensions forcefully disabled can disable this "security" feature as they want?
personally, I feel everything that is forced upon the user will always be a step backwards. I'm all for security, but at least make it optional.[/QUOTE]
When this first hit news, I heard mention that there would be a startup flag that would allow 3rd party extension install. Since I'm on Linux and don't have this update, I can't check, but look on chrome://flags for an option.
They really ought to do something about the whole "Installed by enterprise policy" bs that a great deal of malicious extensions use, making you unable to simply uninstall them from Chrome. Either severely restrict what extensions are allowed to use it (through a whitelist or whatever), remove the "enterprise policy" thing completely, or better yet, just give users the ability to uninstall them like any other extension.
While I haven't gotten these myself as I'm careful with what I install, friends and family who aren't as careful have. Not only do they completely fuck up the browser (ads everywhere, unchangeable homepage etc), but they're a bitch to remove.
[QUOTE=deadeye536;45072789]When this first hit news, I heard mention that there would be a startup flag that would allow 3rd party extension install. Since I'm on Linux and don't have this update, I can't check, but look on chrome://flags for an option.[/QUOTE]
as long as that's possible, then I have no issues with it. I can't really check either as I'm on linux too, so eh :v:
[QUOTE=deadeye536;45072655]Oh no, Chrome does something to protect the majority of their user base from malware![/QUOTE]
Which also happens to restrict 100% of the user base in what they do with their own damn software.
[QUOTE=PredGD;45072833]as long as that's possible, then I have no issues with it. I can't really check either as I'm on linux too, so eh :v:[/QUOTE]I checked, and there doesn't seem to be one.
[QUOTE=Mindtwistah;45072807]They really ought to do something about the whole "Installed by enterprise policy" bs that a great deal of malicious extensions use, making you unable to simply uninstall them from Chrome. Either severely restrict what extensions are allowed to use it (through a whitelist or whatever), remove the "enterprise policy" thing completely, or better yet, just give users the ability to uninstall them like any other extension.
While I haven't gotten these myself as I'm careful with what I install, friends and family who aren't as careful have. Not only do they completely fuck up the browser (ads everywhere, unchangeable homepage etc), but they're a bitch to remove.[/QUOTE]
God fuck those ones, such a bastard to remove
[editline]11th June 2014[/editline]
[QUOTE=MegaJohnny;45072837]Which also happens to restrict 100% of the user base in what they do with their own damn software.[/QUOTE]
except you can still install outside extensions, it's just done manually now
[QUOTE=MegaJohnny;45072837]Which also happens to restrict 100% of the user base in what they do with their own damn software.[/QUOTE]
If you want more freedom with your software, then Chrome isn't for you in the first place, since it contains non-free software. Look into Chromium in that case, which is open-source.
[editline]11th June 2014[/editline]
[QUOTE=AzzyMaster;45072688]I can see google bringing this to android and disabling non-market app installs.[/QUOTE]
Except by default, you already can't install apps that aren't on the Play Store? It's a single tick-box in the security settings.
Get the dev channel and just drag and drop the .crx to the extensions tab.
Turn off the security prompts if they bother you.
I've been on the dev channel for a long time, it's the same expirience.
Ever since this was disabled, I just switched to firefox. Can't stand using youtube without Youtube Center.
I can understand disabling unauthorized extensions, but is it so much to ask to be able to whitelist some of them ?
I honestly don't know why they wouldn't just disable them by default, then you can just turn on the ones you actually installed. Now I had to lose youtube centre which made youtube less of a piece of shit for a while. Thanks Google, because I'm too fucking stupid to not notice extensions I didn't install.
Chrome is awfully strict when it comes to how it wants you to experience the web. Almost feels like Apple way of things.
Is it so hard to download a different version of chrome?
[QUOTE=Ganerumo;45072984]Ever since this was disabled, I just switched to firefox. Can't stand using youtube without Youtube Center.
I can understand disabling unauthorized extensions, but is it so much to ask to be able to whitelist some of them ?[/QUOTE]
Youtube Center is a [URL="http://userscripts.org:8080/scripts/show/114002"]userscript[/URL], just get [URL="https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?hl=en"]TamperMonkey[/URL].
[QUOTE=Shreddinger;45073008]Is it so hard to download a different version of chrome?[/QUOTE]
Yes.
It's not like they make it easy to revert a version
Anyway: whoever decided this can get fucked. They're disallowing our own custom-made extensions with no fucking way to re-enable them. They think they can disable my YouTube Center? Get fucked, I've got Tampermonkey.
[editline]11th June 2014[/editline]
[QUOTE=deadeye536;45073107]Youtube Center is a [URL="http://userscripts.org:8080/scripts/show/114002"]userscript[/URL], just get [URL="https://chrome.google.com/webstore/detail/tampermonkey/dhdgffkkebhmkfjojejmpbldmpobfkfo?hl=en"]TamperMonkey[/URL].[/QUOTE]
There are a few differences between the userscript and extension, though.
Some good, some bad.
you don't need to revert a version, just get the dev version and forget that this ever happened, it looks the same, just has more options enabled.
I tried the userscript version, it crashes when there are more than 3 embedded videos on a single page.
and it really slows down chrome, just get dev.
Sorry, you need to Log In to post a reply to this thread.
