Chrome has long allowed sites to display install prompts for browser extensions to provide a seamless experience. Protections help insure that these inline installations aren’t abused. However, Google is now going further by making abuse detection run faster and more accurately.
Back in 2015, Chrome began disabling inline installations in cases where misleading or deceptive install flows were detected. This has helped a great deal:
Fewer than 3% of extensions still engage in these deceptive or confusing install flows, but this subset of extensions generates 90% more user complaints on average than the rest of the extensions in the Chrome Web Store.
To counter this, abuse protections will be expanded starting with an upgrade to the automated inline installation abuse detection. This will result in faster and improved detection of nefarious sites taking advantages of confusing install flows.
Furthermore, machine learning will be leveraged to evaluate “each inline installation request for signals of deceptive, confusing, or malicious ads or webpages.” If found, inline installs will be disabled and users directed to the Chrome Web Store to complete the download.
Google notes that developers who abide by the rules should not be impacted by these upgrades and that the expanded protections will rollout starting in a few weeks.