How to prevent installation of Google Chrome extensions

Question

How can I prevent the installation of Chrome extensions on desktop?

Asked before at http://superuser.com/questions/692978/preventing-the-installation-of-chrome-addons — Rob W, Aug 28 '14 at 08:39

score 12 · Accepted Answer · answered Aug 27 '14 at 12:25

12

You can do this with a GPO. Go to Computer Configuration > Administrative Templates > Google > Google Chrome. Look for a folder named Allowed extensions. There configure a blacklist of *. This will prevent users from installing plugins.

answered Aug 27 '14 at 12:25

Lucas Kauffman

54,169
17
112
196

score 8 · Answer 2 · answered Dec 29 '16 at 13:06

I was going to add this as a comment to Lucas Kauffman's answer, but I don't have the rep to leave comments yet.

In Win7 Ultimate (and probably most other versions of Win7), you have to download and install Google's GPO manually before you have access to the GPO settings Lucas Kauffman mentioned.

DL: http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

DL and unzip google's Administrative templates, Then add the GPO template for Google Chrome manually: Right-click Administrative Templates and select Add/Remove Templates then browse to where you Downloaded and Extracted the policies and add the one for your region, then follow Lucas Kauffman's instructions:

"Go to Computer Configuration > Administrative Templates > Google > Google Chrome. Look for a folder named Allowed extensions. There configure a blacklist of *. This will prevent users from installing plugins." - Lucas Kauffman

score 5 · Answer 3 · edited Mar 04 '15 at 10:28

5

you can make it local by giving permission on extention folder in this path

C:\Users\*your user*\AppData\Local\Google\Chrome\User Data\Default\Extensions

rightclick->security-> select user-> deny all

edited Mar 04 '15 at 10:28

Jens Erat

23,446
12
72
96

answered Mar 04 '15 at 09:46

Yasser Elzanouny

51
1
1

This was my go to solution ever since. Until on Chrome 72, after applying Chrome marks the extensions unusable, corrupted and needs repair. Do not deny all. Just deny write for user. – admin Mar 03 '19 at 00:33
Unfortunately, this can be easily bypassed by creating a new profile in Chrome. Each new profile gets its own folder C:\Users\*your user*\AppData\Local\Google\Chrome\User Data\\Extensions – DFB Oct 10 '21 at 14:44

entonio · Answer 4 · 2018-01-20T21:34:10.573

On Mac,

I haven’t had success with filesystem permissions
I could write a cron script to delete the folder every minute, but that felt too brute-force

I've seen the reference to use a group policy. I'm not familiar with that and didn't find the instructions clear to follow, so I've settled for configuring a Folder Action Script to just delete the extension's folder whenever it's created:

Open Script Editor
Create a script with the following:

on adding folder items to this_folder after receiving added_items tell application "Finder" repeat with added_item in added_items if name of added_item is "<place the extension's id here>" then delete added_item end repeat end tell end adding folder items to

Save it to ~/Library/Scripts/Folder Action Scripts/ or /Library/Scripts/Folder Action Scripts/
Right-click ~/Library/Application Support/Google/Chrome/Default/Extensions
Choose Configure Folder Actions to add the created script to the folder

In my experience, this is enough. The folder is not deleted immediately, but with a delay of few seconds. Chrome's attempts to restore the folder each time you start it aren't successful. You can hear Finder's 'file deleted' sound.

Why would it be targeted to a particular extension's ID, if the goal is to counter the addition of *any* new extension? — Jacob C., Apr 05 '18 at 17:14
because 1) the question didn't make it explicit that it referred to any/all, and 2) this can easily be adapted to target any extensions, whereas the reverse would not be so simple to adapt for those not familiar with AppleScript. — entonio, Apr 05 '18 at 17:20
Ah. Fair enough. The Windows-related answers seem to interpret the question as having meant "any" (which is my guess at the indended meaning as well, and what I myself came here looking for, after having found that a relative had mistakenly installed sketchy extensions), but in any case, as you say, this is easily adapted by removing ````if name of added_item is "" then ````. Thank you. — Jacob C., Apr 09 '18 at 20:28

score 1 · Answer 5 · edited Dec 13 '19 at 07:40

1

For Mac, open terminal as the user and type:

chmod 444 ~/Library/Application\ Support/Google/Chrome/Default/Extensions

This changes the permissions on the Extensions folder to read only and stops new extensions from being installed.

edited Dec 13 '19 at 07:40

MacLuser

3
2

answered Aug 26 '18 at 12:37

Michael Whitis

11
1

2

Can you expand on your answer to explain what the command does and how it answers the question? – schroeder Aug 26 '18 at 19:49
This command stops extensions from being updated, too... – schroeder Dec 13 '19 at 07:39
This was exactly what I wanted. My grandmother keeps getting keyloggers and random crap installed through scammers and I needed something as harsh as this to lock it down. Thank you! – Brandon Aaskov Aug 04 '21 at 15:14
This command stopped my extensions from working at all. There may be a variation on the `chmod` command that would work better, but you may be onto a good solution here. My worry about this answer is that my Extensions directory did not have read permissions for Group and Other which this command grants. I could imagine that might expose sensitive data if any extension files house it. – King Holly Jan 18 '22 at 21:00

score -2 · Answer 6 · answered May 07 '15 at 05:21

If you don't use extensions change the name of the extension folder. ex: C:\Users\Username\AppData\Local\Google\Chrome\User Data\Default\Extensions

change it to 0000extensions or what ever.

seems to fix the problem, if you do not use extensions. Extensions can not be downloaded when the folder does not exist.

How to prevent installation of Google Chrome extensions

6 Answers6