Many applications bundle Chrome extensions with they setup files. Avast, Kaspersky and AVG are a few examples which ask you to install a web browser extension while installing them. Chrome shows notifications if there are extensions added by other apps, so the extensions are not installed automatically but there are some Windows applications that found some loopholes and bypassed Chrome's security features, so Chrome's engineers has now decided to block all Chrome extensions from other sources than the Chrome Web Store.
From the Chromium blog:
As part of our continuing security efforts, we're announcing a stronger measure to protect Windows users: starting in January on the Windows stable and beta channels, we'll require all extensions to be hosted in the Chrome Web Store.
There are some exceptions to this rule: developers and power users will still be able to install unpacked extensions and business users will still be able deploy extensions. Everyone else will have to install extensions from the Chrome Web Store.