Browser extensions have always been a two-edged sword. On the one hand, they offer invaluable services to power users by enabling them to customize their web surfing experience as needed, but on the other hand, I still remember the toolbars of old and how some more regular users added dozens to their browsers, bogging down their machines. Many people don't even know that they've installed them, as they're offered with deceptive tactics. Thus, Google already removed the often-abused inline installation option from Chromium last year. And on Thursday, the company also announced that it's further restricting deceptive installation tactics.
Even with inline installation removed, there are a couple of ways malicious actors can deceive people into installing their products. The most egregious tactic involves resizing the Chrome Web Store tab or window so that users can't see extension metadata or other information on the item. But the possibilities for abuse start earlier than that: websites also shouldn't use misleading interactive elements, such as call-to-action buttons, that suggest an outcome other than the installation of an add-on. Another way developers could deceive users is by using "unclear or inconspicuous disclosures on marketing collateral preceding the Chrome Web Store item listing."
Developers must make sure they comply with these changes by July 1st, 2019; otherwise, they risk being prohibited from the Web Store. It remains unclear whether a permanent ban would be enforced, or if access to distribution would be restored once the extension's install workflow is updated.
On another note, Google is putting some effort into user privacy with an update to Project Strobe, which requires extensions to use as little private data as possible to still retain functionality, and also forces developers that handle personal communications and user-provided content to add privacy policies on how they use said data.
- Chromium Blog