Chrome closes add-on vulnerability
In 2012, Google began requiring that all new third-party add-ons be distributed through the Chrome Web Store. Then last year it began automatically disabling third-party add-ons that had been silently installed by other add-ons.
To circumvent that, vendors began buying add-ons that already existed in the Chrome Web Store and modifying them to distribute ads and malware such as JollyWallet.
Yesterday, February 20, Google issued another upgrade and this one finishes the job started in 2012. All extensions and add-ons now must originate from the Chrome Web Store and those previously installed from any other source will be “hard disabled,” meaning the user cannot re-enable them. For now this latest change only affects the Windows version of Chrome.