Google is to block all add-ons for the Chrome browser unless they are downloaded from its own Chrome web store.

The reason behind the ban, which will come into effect in January, is to overcome the increasing problem of malware that installs itself without permission on a user’s browser.

Chrome usually checks whether users want to install an extension, but the malware writers have found ways around this check so can modify the browser, overriding settings and performing actions such as replacing the New Tab Page without approval.

To overcome this problem, Chrome will only accept extensions that are hosted in the Chrome Web Store. Local extensions and those installed via Enterprise policy will still be acceptable. Chrome Apps will also continue to be supported normally. You can also still enable Developer Mode and load and test extensions in the usual way. A new Chrome Apps Developer Tool is also available from the Web Store to help manage extensions and apps.

The main features of the new tool are:

• Apps and extensions are now listed in separate tabs, reducing the potential for developer confusion and reinforcing the difference between the two item types. 
• Unpacked items and installed items are now listed separately, 
• You can individually update specific apps and extensions with one click, instead of having to update all items at once like in the old tab.
• The common actions for each item, such as reload, launch, view permissions, pack, and uninstall, are located right next to that item.
• The list can now be live-filtered using the Search box at the top right of the page instead of having to use the regular “Find in page” feature of Chrome.

The forthcoming change to download installation comes in addition to an earlier one that lets users reset their browser completely, removing all installed add-ons.

On the Chromium blog, Google’s Engineering Director Erin Kay explains that developers need to be ready for the change:

“ If your extensions are currently hosted outside the Chrome Web Store you should migrate them as soon as possible. There will be no impact to your users, who will still be able to use your extension as if nothing changed. You could keep the extensions hidden from the Web Store listings if you like. And if you have a dedicated installation flow from your own website, you can make use of the existing inline installs feature. “

Reaction to the new announcement has been mixed, particularly in view of the fact that developers have to pay a $5 registration fee to include apps in the store, and Google will then take 5 percent of the revenue generated by apps.