Google has laid out a plan for blocking third-party applications from injecting code into the Chrome browser.

The most impacted by this change are antivirus and other security products that often inject code into the user's local browser process to intercept and scan for malware, phishing pages, and other threats.

Google says these changes will take place in three main phases over the next 14 months.

Phase 1:

In April 2018, Chrome 66 will begin showing affected users a warning after a crash, alerting them that other software is injecting code into Chrome and guiding them to update or remove that software.

Chrome alert for code-injection apps

Phase 2:

In July 2018, Chrome 68 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software.

Phase 3:

In January 2019, Chrome 72 will remove this accommodation and always block code injection.

Google Chrome Canary is still at version 64, while stable Chrome is at version 62.

Google said the only ones getting a pass from this new policy are Microsoft-signed code, accessibility software, and IME (Input Method Editor) type-assist software.

Two-thirds of Chrome on Windows browsers will be affected

Chris Hamilton from Chrome's Stability Team said that roughly two-thirds of all Windows Chrome users have applications that inject code into Chrome.

"Users with software that injects code into Windows Chrome are 15% more likely to experience crashes," said Hamilton.

The search giant recommends that software vendors update their coding methods and use modern Chrome features such as browser extensions or the Native Messaging API, instead of the antiquated practice of code injection.

A full year's notice is, in theory, more than enough for most software vendors to update their code.