This would seem to be a good way to verify that the extension you have is what its supposed to be basically its signed. Its an option in Chrome flags. chrome://flags This flag can be used to turn on verification that the contents of the files on disk for extensions from the webstore match what they're expected to be. This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware).
No I've been running it on Chrome stable without a problem. I have it set to "Enforce Strict (hard fail if we can't get hashes). I have quite a few extensions too.
I don't understand the part about not being able to turn it off... "This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware)" How does a user turn it off? Via the drop down menu, reset to Default? If yes, then wtf do they mean by cannot be used to turn it off?
I have a lot of flags set so I'm not going to experiment be resetting them all to default but it sounds like that would be the only way to turn it off - you couldn't just turn that one flag off is the way I interpreted it. If I get the time tomorrow I'll install chrome beta and try that out to see how it works as far as turning the flag off
I just installed the dev version to test turning this flag on and off and I had no problem doing so I could change it to any of the options relaunch and it showed changed after the browser restarted.
how exactly chrome extension verification works? i think they put public key in hardcoded exe and private key in chrome webstore? and they verify file hashes?