11 October 18, 15:03
Quote:Developers of Chrome extensions had two main options when it came to getting Chrome users to install their extensions for the browser.Full reading: https://www.ghacks.net/2018/10/11/chrome...ll-bypass/
They could rely on the Chrome Web Store presence and link to it from third-party sites to get users to install the extension or use inline installations instead.
Inline installations kept the install process on a third-party website; convenient on the one hand as it meant that users could install the extension from the developer's website or another third-party site. Problematic on the other as the system was abused by malicious actors to push installations of extensions.
All it took was to upload the extension to Chrome and integrate it on third-party websites so that the extension would install without users leaving that site or having to visit the Chrome Store. Malicious actors used various methods to push extensions to user versions of Chrome that way.
Google revealed in early 2018 that it would add more protections against deceptive inline installations by retiring the functionality in June 2018.