3

For enterprise-installed Chrome extensions on Windows, is there any alternative deployment methodology which does NOT fetch the extension from the Chrome web store? Situation is that some enterprises use a locked-down network with no external internet access, and will not allow access to public Google URL from which to fetch the extension.

Does anyone have any experience with Chrome browser plus extension deployments on Microsoft App-V?

Thomas McDermott
  • 91
  • 6

1 Answers1

4

Absolutely, it's possible. Though it requires a computer connected to a Domain.

Enterprise-installed extensions do NOT have to be hosted on Chrome Web Store.

Enterprise deployment happens with a ExtensionInstallForcelist policy. It's a list of ID + update URL pairs, and for enterprise installs it does not have to be a Web Store URL.

Update URL should point to an XML file served somewhere on your isolated network. The format of the update manifest file is explained here. Again, the path to the actual CRX does not have to point to the Web Store.

P.S. The files (update XML and CRX) don't even have to be served over HTTP(S), they can be local files or SMB-served files.

Community
  • 1
  • 1
Xan
  • 74,770
  • 16
  • 179
  • 206
  • What about the following disclaimer on the same page referenced by the link you provided -- "Warning: As of M33, Windows stable/beta channel users can only download extensions hosted in the Chrome Web Store (see Protecting Windows users from malicious extensions). " – Thomas McDermott Feb 20 '15 at 20:15
  • This does not apply to enterprise deployment. It only applies to registry-based installs. – Xan Feb 20 '15 at 20:26
  • That is excellent news! The docs should be more clear on this, though. – Thomas McDermott Feb 20 '15 at 20:44
  • It is expressly mentioned in the "Protecting ..." post that is linked. – Xan Feb 20 '15 at 20:45
  • OK, this is not working for me. I want to have files as local files. My updates.xml looks like this ---> My registry setting for ExtensionInstallForcelist looks like this ---> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;c:\test folder\folder2\folder3\updates.xml Both the .crx and the .xml file are located in that folder3 – Thomas McDermott Feb 20 '15 at 22:36
  • Got it working. Realized that local file path in both updates.xml and ExtensionInstallForcelist had to be of the form "file:///C:/test%20folder/folder2/folder3/filename" – Thomas McDermott Feb 21 '15 at 01:26
  • This is no longer working reliably for me!! Most of the time, the extension does not load. chrome::/policy lists ExtensionInstallForcelist properly with status OK. – Thomas McDermott Mar 27 '15 at 15:26
  • Is it true that one cannot do a local enterprise install from a non-domain Windows computer? Seem to be having trouble from workgroup machines. I found this documentation which seems to indicate that... https://www.chromium.org/developers/extensions-deployment-faq#TOC-What-are-the-supported-deployment-options-for-extensions-after-this-change- – Thomas McDermott Apr 02 '15 at 20:27
  • Yes, this is true. You need AD. – Xan Apr 02 '15 at 20:28
  • What is the reason for this? – Thomas McDermott Apr 02 '15 at 20:31
  • Malware being able to change GPO locally as opposed to requiring domain admin privileges. (That's a guess, I'm not affiliated with Google) – Xan Apr 02 '15 at 20:32