I'm writing a Google Chrome extension that needs to do a lot of things with other extensions, such as:
List installed extensions and read their IDs
Request extension installation, update and removal (preferably without bothering the user)
Modify extension settings
and so on. Which of these are possible, and which are not (due to e.g. security considerations)?
P.S. I haven't been able to find answers in the inter-extension messaging section of the official docs (or anywhere else, actually).
You can do most of those things today with chrome.management API. For example:
Get a list of information about installed extensions and apps:
chrome.management.getAll(function callback)
Uninstall a currently installed app or extension:
chrome.management.uninstall(string id, object options, function callback)
Chromium developer Brian Kennish states here suggests writing an NPAPI plugin as the most rational option to achieve the desired effect.
This is not directly possible via the extension API. To be honest, I wouldn't recommend using NPAPI for this either since you'd have to modify files which are in-use by the browser, which is unreliable at best.
Related
I am developing a Google Cast sender application and on my web page in chrome browser, I need to detect if the Google Cast extension is installed or not before doing something.
I did some searching and found some suggestions for detecting chrome extensions if developer owns both website and extension. In my case, I am trying to detect an extension not developed by me. Is there an API or another way to detect installation of a third party chrome extension?
The standard way (used by the library itself) of detecting whether the extension is installed is to try and load a web-accessible file from it.
This, however, leads to an unwanted effect of producing error messages in the console (which are "network" errors and not JS errors, and therefore cannot be hidden) when Cast is not installed.
Also, you should not do this probing yourself, specifically because you don't control Google Cast - and it's not guaranteed to be stable in how it operates internally. There is a library you're expected to use as a Sender, and you should rely on the library initialization callback for detecting Cast.
I have seen other answers here, such as this.
But nowadays, you cannot simply drag an extension to the browser and expect it to work. Google does not allow you to activate it, showing a message "not downloaded from chrome store"
Now, I really don't want to publish anything. It's a personal extension for me and friends! How can I workaround this limitation?
You could publish to testers.
I know you said you didn't want to publish anything but it only shows up to google accounts you have listed at testers.
You really only have two options:
Distribute the crx and have them run in developer mode.
List the extension on the Chrome store.
It sounds like #1 is a problem for you (as it is for most). If you go with option #2, you can list the extension privately, so it isn't listed in the Chrome store.
For context, Google is not doing this to hold people back. Most of the browsers have tightened up these methods to prevent abuse. From Google's perspective, they cannnot differentiate between your friendly use case, and a hacker using an extension to place malware. If it's published through the store, they can scan for malware.
I added two extensions to my google chrome that I want to send to some extern users, which are not "technical" people (I mean that they don't have IT skills). Instead of showing them how they can download and add an extension to their google chrome, I want to simplify this task by sending them an installation file of chrome (or chromium) which already contains these two extensions. So, in this case, the only thing that they have to do is just to do a normal installation (with the .exe file since they use only windows) like there are installing a normal google chrome! After that, they will have a chrome which already includes these two extensions.
Can you tall me how can I do that? because I have no idea of it..
Thank you!!
Chrome has instruction for doing this here: https://developer.chrome.com/extensions/external_extensions. You should be able to do it via a registry addition.
Note, as of Chrome 33, you will need to publish the extension to the store, and you just add update urls. Chrome does not allow installation otherwise for security reasons.
I compile the extension using the --pack-extension switch:
C:\Users\APOL0\AppData\Local\Google\Chrome\Application>chrome.exe --pack-extension="D:\MyExt"
Everything works fine: chrome generates Myext.crx and Myext.pem but I don't know how I can get extension ID for automatic installation using Windows' registry.
How can I get this ID without using "manual verification", ie. programatically?
Edit May 14, 2018: Added clarification and link to 3rd party tool.
There is no official supported method (at time of writing) to programmatically get the extension ID from a CRX without manually interacting with Chrome. (See official method below)
Unofficial Method
The only programmatic method I've found any reference to online is on this SO answer. The author of the answer later posted a link to a ChromeIdGenerator tool they wrote to accomplish this. The tool is based on how Chrome calculated its extension IDs at that point. Full disclosure: I have not tested the tool to ensure its accuracy, it is simply the only tool I've found to accomplish what you're asking.
Official Method (manual)
If you open up your Chrome Extensions manager page, you can drag and drop your Myext.crx onto the page (you must be in "Developer Mode") and it will load your extension, showing you the new extension id.
I have begun using Google Chrome as a primary browser, but I miss my Evernote extension, which can clip a web page directly to the local Evernote application. Is it possible for me to write an extension in Chrome that can do this?
Yes it is possible, through NPAPI, but your local application should be prepared for external communication. Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way.
All this is described here:
http://code.google.com/chrome/extensions/npapi.html
To avoid the NPAPI way, another idea would be to communicate with a custom local http server binded to localhost and send requests to it.
Disclaimer: Never tried it but theoretically it should work.
I don't think chrome allows this, simply because it would be dangerous to let plugins have extended priviledges, they even run in an extra, low-rights thread and only communicate with chrome itself through pipes.