Distributors of unwanted Chrome extensions are coming up with new, sneaky, and simple methods to trick users into installing their extensions now that Google has banned inline installs.
Ultimately, based on some action such as clicking the install button or simply trying to close an alert, the site would attempt to perform an inline install of the extension directly from their site rather than from the Google Chrome Web Store.
An inline install is when a distributor offers an extension directly from a site under their control rather than the Chrome Web Store. Inline installs have been heavily abused by scammers trying to trick users into installing unwanted extensions via deceptive methods.
Due to this Google has started to deprecate the use of this feature.
⥤ Starting today, inline installation will be unavailable to all newly published extensions. Extensions first published on June 12, 2018 or later that attempt to call the chrome.webstore.install() function will automatically redirect the user to the Chrome Web Store in a new tab to complete the installation. ⥤ Starting September 12, 2018, inline installation will be disabled for existing extensions, and users will be automatically redirected to the Chrome Web Store to complete the installation. ⥤ In early December 2018, the inline install API method will be removed from Chrome 71.
At the current stage of the deprecation, no existing or new extensions can use inline installs and all extensions must now be installed directly from its associated Chrome Web Store page.
The banning of inline installs means that Chrome extensions have to be installed directly from the Chrome Web Store. To get past this, extension developers are simply opening a new window that opens the extension's page and resizes the window so its integrated into their landing page.
For example, below is a landing page for an extension that claims it lets you access popular television sites from your browser. Not sure what they are talking about, but the description on the Chrome Web Store page simply states they will display advertisements on pages you visit.
If a user clicks on the "Start Now" button, the site creates a new window to the corresponding Chrome Web Store extension page, but sizes it so that it is integrated into the landing page and hides most information other than the title and the add button. This allows them to show the Add to Chrome button without a user seeing a description, reviews, and the amount of users who have installed the extension.
As far as the visitor is concerned, this provides a similar experience as inline installs and allows unwanted extension distributors to promote their products in a misleading manner.
With this said, when installing Chrome extensions only do so by going directly to the Chrome Web Store where you can see the full description, amount of reviews, rating, and more. This way you know what you are getting into before installing an extension that may regret later.