Google today upgraded Chrome to version 33, fulfilling its promise to block more add-ons in the Windows browser and quashing 28 bugs.
The promotion of the new tools and features to Chrome's "Stable" channel, one of three that the Mountain View, Calif. company maintains, had been trumpeted previously, and baked into rougher builds.
[ Also on InfoWorld: Google tackles top security complaint among Chrome users. | Safeguard your browsers; InfoWorld's experts tell you how in the "Web Browser Security Deep Dive" PDF guide. | For a quick, smart take on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]
Top on the change list was the posting of a "No trespassing" sign: Only extensions or add-ons that originate from the Chrome Web Store, Google's official distribution channel, can be installed. The new policy currently affects only users of the Windows version of Chrome 33.
Chrome 33 also automatically throws a "kill switch" on extensions that had been installed previously from sources other than the Chrome Web Store. Google called this a "hard-disable," or one that prevents the user from re-enabling the add-on. Some exceptions applied.
Google first promised that in November, when Erik Kay, director of Chrome engineering, cited "our continuing security efforts" for the change, and stated, "We believe this change will help those whose browser has been compromised by unwanted extensions."
Google has been tightening the screws on third-party add-ons since July 2012, when it first required that add-ons move to the Chrome Web Store. In other subsequent steps, it blocked sneaky add-on installation.
Those stricter policies had driven some purveyors of adware to try an end-around by buying the rights to established add-ons already in the Chrome Web Store, then modifying them to bombard users with advertisements.
Starting with Chrome 33 on Windows, Google is closing the remaining loopholes: Extensions that had been installed locally or by businesses internally must be published to the Chrome Web Store. Businesses can hide their extensions on the store from the public at large -- or continue to use group policies to offer the add-ons to their workforce from their own servers -- and developers will still be able to initiate "in-line" installs from their website, assuming the add-on is also in the Chrome Web Store.
Only add-ons that were installed via such enterprise policies or by developers from their websites or software can avoid the automatic "hard disable" that Google mandated.
By forcing add-on developers to publish their work in the Store, Google moved another step closer to a closed market, the kind popularized by Apple's mobile app ecosystem, where it can more easily vet the extensions and then yank them if necessary.
On the Mac version of Chrome 32, add-ons that had been installed from sources other than the Chrome Web Store -- such as 1Password's extension, which was installed on one staffer's Mac by that password management software -- were not disabled but were instead marked with "Not from Chrome Web Store."