How to auto-install Chrome Extensions via GPO in Chrome 33+ (Chrome bug or undocumented change for GPO-installed extensions?)


Are the machines in question actually on a Windows domain that is using Group Policy? We saw some malicious software abusing registry/GPO and have been tightening up the checks we already had in place that attempt to ensure that enterprise policy is only used by enterprise managed machines.

Author by

irag10

Updated on July 05, 2022

Comments

  • irag10
    irag10 almost 2 years

    We have a Google Chrome extension built for internal corporate use. Up till now it's been deployed using GPO and that worked fine until Chrome 33 came along. Now the extension doesn't appear in the Extensions list and is not active :'(. Has the deploy/install process changed with Chrome 33 for GPO? Do we need to do anything different now, or how does one deploy an extension via GPO in a post-Chrome 33 world?

    We install using GPO as advised here ('Pre-installing via group policy' section) and detailed here. We set GPOs ExtensionInstallForcelist, ExtensionInstallWhitelist, and ExtensionInstallSources.

    Our extension and our update xml file are not hosted on the Chrome Web Store. There were planned changes in Chrome 33 (to protect users from malicious extensions) which force extensions to be on the Chrome Web Store, but from all the documentation we can find this shouldn't apply to GPO-installed extensions, as described at http://www.chromium.org/developers/extensions-deployment-faq:

    Users can only install extensions hosted in the Chrome Web store, except for installs via enterprise policy or developer mode.

    ...

    What are the supported deployment options for extensions after this change? ... For Enterprises, we’ll continue to support group policy to install extensions, irrespective of where the extensions are hosted. Note that the user's machine has to join a domain for GPO policy pushes to be effective.

    ...

    Extensions that were previously installed, but not hosted on the Chrome Web Store will be hard-disabled (i.e the user cannot enable these extensions again), except for installs via enterprise policy or developer mode.

    and http://blog.chromium.org/2013/11/protecting-windows-users-from-malicious.html:

    We’ll continue to support local extension installs during development as well as installs via Enterprise policy, and Chrome Apps will also continue to be supported normally.

    Once users upgraded to Chrome 33 the extension disappeared, so it appears that something has changed regarding GPO deployment, but I don't see anything documented about the change (or obviously how to fix my deployment).

    We can't host on the Chrome Web Store because our extension uses an NPAPI component, which is no longer allowed for new Chrome Web Store extensions. There's significant effort involved in migrating to a different architecture that doesn't use NPAPI so that's not a short term resolution (although it is planned for the medium term). However, we've tried removing the NPAPI component to check if that's what Chrome 33 doesn't like, and it doesn't seem to be related to that. We've tried only using https in the URLs, which also doesn't work.

    Could be related to Issue 346386

    Thanks for any suggestions!

  • irag10
    irag10 about 10 years
    Thanks, it turned out the reports of this happening on domain-joined machines were wrong: it was only on workgroup workstations where this was a problem. Chrome #33 introduced a rule that non-webstore extensions can only be installed via GPO on domain-joined machines.
  • Mikael Dúi Bolinder
    Mikael Dúi Bolinder about 10 years
    @Antony Seems the mechanism disables access to enterprise apps on the AD DC.
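
An added example, not part of the original thread: a PowerShell audit for the behaviour discussed above, listing the `ExtensionInstallForcelist` entries on a machine and checking them against its domain-join state, which also surfaces the registry-policy abuse the answer mentions (policy set on an unmanaged machine). The machine-level policy key path and the Web Store update URL are assumptions not taken from the page, and `Get-ForcelistEntry` is a name introduced here.

```powershell
# Added example (not from the thread): audit Chrome force-install policy.
# Assumption: machine-level Chrome policy is stored under this key.
$policyKey   = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
# Assumption: this update URL identifies a Chrome Web Store hosted extension.
$webStoreUrl = 'https://clients2.google.com/service/update2/crx'

function Get-ForcelistEntry {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        # Each value holds "<extension id>;<update URL>".
        $id, $url = ([string]$key.GetValue($name)) -split ';', 2
        [pscustomobject]@{
            Index     = $name
            Id        = $id.Trim()
            # Assumption: an entry without a URL is treated as Web Store hosted.
            UpdateUrl = if ($url) { $url.Trim() } else { $webStoreUrl }
        }
    }
}

# PartOfDomain is $false on workgroup machines.
$domainJoined = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
$entries = @(Get-ForcelistEntry -Path $policyKey)

if (-not $domainJoined -and $entries.Count -gt 0) {
    Write-Warning 'Force-install policy is set on a machine that is not domain-joined.'
}

$entries | ForEach-Object {
    $offStore = $_.UpdateUrl -ne $webStoreUrl
    $finding = if (-not $offStore) {
        'Web Store hosted'
    } elseif ($domainJoined) {
        'Off-store, domain-joined: confirm the update URL is a host you control'
    } else {
        'Off-store on a workgroup machine: not installed by Chrome 33+ per this thread'
    }
    $_ | Add-Member -NotePropertyName Finding -NotePropertyValue $finding -PassThru
} | Format-Table -AutoSize -Wrap
```

It reads only the machine-level key; per-user policy under HKCU is not covered.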