Best practices for extension developers
This article is for Chrome Enterprise developers creating Chrome extensions for users.
If you’re creating extensions and publishing them through the Chrome Web Store, follow these Chrome extension development guidelines. The recommendations apply to extensions you publish for any user on the web (publicly) and users in your own organization only (privately).
Use group publishing
Use the group publisher in Chrome Web Store to manage the set of extension owners.
- Keep the group private to only those who should publish the extension.
- If you can’t use the group publishing, use company email accounts to publish enterprise extensions. To avoid difficulties if an email address owner leaves your company, do not use personal email addresses to publish enterprise extensions.
- Do not filter email sent to the group. Have a person in your company read it. This way, you won’t miss updates or warnings about take-downs if your extension is flagged for a violation.
For instructions, read Set up group publishing.
Protect accounts that modify extensions
Prevent targeted attacks. Don’t let attackers hijack your extension and push malware to your users:
- Set up strong 2-Factor Authentication with a security key on accounts. Learn more
- Use the Advanced Protection Program. Learn more
Stay compliant and up to date
Keep your extension code paths up to date and ensure you adhere to the current security and privacy requirements. Monitor new Chrome releases.
- Regularly read the Developer Guide. Learn more
- Review the Chrome Enterprise release notes. Learn more
Create a rule that gives higher priority to emails with subjects with "Announcement:" from @chromium.org addresses. Monitor general extensions platform updates. Also, identify breaking changes and regressions before they reach your users by developing and testing extensions in both the Chrome Stable and Canary channels.