Google took a final step in its years-long scheme to aggressively lock down Chrome by crippling all add-ons because of abuse of a loophole left in the rules last year.
On Wednesday, Google began requiring all extensions, also called add-ons, to originate from the Chrome Web Store for all builds of the Windows browser. The Chrome Web Store is Google's official distribution channel for Chrome and Chrome OS add-ons, apps and themes.
The same restriction will take effect on Chrome for OS X in July.
In May 2014, Google disabled most add-ons but let developers opt out by excluding its "dev" channel from the policy. The dev channel is one of three Google maintains and has the roughest edges of the trio, which also includes "beta" and "stable" channels.
"Unfortunately, we've since observed malicious software forcing users into the developer channel in order to install unwanted off-store extensions," said Jake Leichtling, extensions platform product manager, on the Chromium blog. "Affected users are left with malicious extensions running on a Chrome channel they did not choose."
Businesses can hide their extensions on the store from the public at large -- or continue to use group policies to offer the add-ons to their workforce from their own servers -- and developers will still be able to initiate "in-line" installs from their website, but only if the add-on is also in the store.
Google has been tightening the screws on add-ons for nearly three years, claiming that unauthorized and malicious extensions are a leading complaint from users and a major cause of problems with Chrome.
Leichtling said the rules worked: Google recorded a 75% drop in help requests for uninstalling unwanted add-ons since it first began disabling extensions not retrieved from the Chrome store.
By forcing add-on developers to publish their work in the store, Google has essentially adopted the "walled-garden" model popularized by Apple's mobile app ecosystem.
As happened a year ago, some users objected to the lockdown.
"Why isn't this opt in?" asked Joseph Hicks in a comment appended to Leichtling's blog. "I appreciate you want to help people, but I have no interest in your walled garden."
"The bottom line is that Google is going to force everything through their own vetting process, taking MY freedom to do MY OWN vetting," echoed Brian Covey. "I use a plug-in that is not available in the Chrome store. If I am ... only able to use whatever Google has deemed appropriate I'm afraid that will spell the end of Chrome for me."
A senior software engineer on the Chrome UI (user interface) team defended his company's policies in the comments section. "I wish that there were fewer restrictions on things in the store," said Peter Kasting. "And I wish that malware authors were not such total jerks and didn't work so hard to screw over our users, forcing us to begin locking things down in response. This is why we can't have nice things."