Those producing software with ill intent used to be able to take advantage of a setting in Chrome that allowed for silent extension installation by default. That feature, however, was disabled earlier this year, starting with Chrome 25, which prompted malware makers to search for new installation methods.
Since then, attack methods have shifted to try to get around silent installation blockers by misusing Chrome’s central management settings, which are typically used by organizations to configure instances of the browser. By doing this, installed extensions are enabled by default and can’t be uninstalled or disabled within Chrome. We are told that other variants include binaries that can directly manipulate Chrome preferences to enable silent installs and turn on extensions within these binaries.
Google said the new measures are designed to detect software that violates Chrome’s standard mechanisms for deploying extensions. The recent security measures are said to expand Google’s capabilities to detect and block malware that falls into this category.
Google points out that application developers should adhere to Chrome’s standard mechanisms for extension installation. That umbrella includes the Chrome Web Store, inline installation and other deployment options.
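For defenders, the misuse of management settings described above can be checked from the policy side. The following is an added example, not code from Google or from the original article: it audits the text of a Chrome managed-policy JSON document for `ExtensionInstallForcelist` entries that are not on an approved list. The approved IDs and the sample policy are constructed placeholders.

```python
import json
import re

# Assumption: extension IDs the organization has approved (constructed placeholders).
APPROVED_IDS = {"a" * 32, "b" * 32}
WEB_STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
EXTENSION_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 letters a-p

# Constructed sample of a managed-policy document (not taken from a real host).
SAMPLE_POLICY = json.dumps({
    "HomepageLocation": "https://intranet.example",
    "ExtensionInstallForcelist": [
        "a" * 32 + ";" + WEB_STORE_UPDATE_URL,
        "b" * 32 + ";https://updates.example/crx.xml",
        "c" * 32,
    ],
})

def audit_forcelist(policy_text, approved_ids=APPROVED_IDS):
    """Return (extension_id, reason) findings for one managed-policy JSON document."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [("<file>", f"unparseable policy file: {exc.msg}")]
    if not isinstance(policy, dict):
        return [("<file>", "policy document is not a JSON object")]
    entries = policy.get("ExtensionInstallForcelist", [])
    if not isinstance(entries, list):
        return [("<file>", "ExtensionInstallForcelist is not a list")]
    findings = []
    for entry in entries:
        # Each entry is "<extension id>;<update URL>"; the URL part is optional.
        ext_id, _, update_url = str(entry).partition(";")
        ext_id, update_url = ext_id.strip(), update_url.strip()
        if not EXTENSION_ID.match(ext_id):
            findings.append((ext_id, "malformed extension ID"))
        elif ext_id not in approved_ids:
            findings.append((ext_id, "force-installed but not on the approved list"))
        elif update_url and update_url != WEB_STORE_UPDATE_URL:
            findings.append((ext_id, "approved ID served from a non-Web-Store update URL"))
    return findings

if __name__ == "__main__":
    for ext_id, reason in audit_forcelist(SAMPLE_POLICY):
        print(f"{ext_id}: {reason}")
```

On Linux, Chrome reads managed policy from JSON files under `/etc/opt/chrome/policies/managed/`; on Windows the same policy lives in the registry under `Software\Policies\Google\Chrome`, so the entries would need to be exported to this form first.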