Google Confirms Chrome Security Shocker
Google Confirms Chrome Security Shocker
Google has suspended the publishing and updating of paid for extensions in the Chrome Web Store LIGHTROCKET VIA GETTY IMAGES
Google has confirmed that all commercial, paid for, extensions have been temporarily suspended from being published or updated in the Chrome Web Store. A “significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users” has been cited as the reason.
Google takes preemptive action to protect users
Google has a decent enough track record of getting security right. Not that it’s perfect, of course, as the Google Camera app vulnerability affecting hundreds of millions of Android users demonstrated. More often than not, however, Google is good at taking preemptive security action such as updating the Chrome browser to double-check code-signing certificates following the Windows 10 curveball crypto vulnerability revelations recently.
Google Project Strobe marked a turning point for Chrome extension security
Then there’s the Google Play Protect system that’s built into your Android device to scan and verify the apps you have installed. The idea being that this adds another layer of security, on top of the testing apps go through before being allowed anywhere near the Play Store, for Android users.
An idea that can be kiboshed by one particularly nasty piece of malware, as I reported January 13. When it comes to Chrome extensions, though, Google hasn’t always enjoyed the best reputation for addressing security and privacy issues executed through rogue developers.
That started to change back in May 2019, when Google announced new policies for Project Strobe to strengthen the third-party extension auditing process.
Google suspends the publishing of paid items from the Chrome Web Store
Now, in a surprising turn of events, Google has taken the unprecedented step of suspending all “paid items” from the Chrome Web Store to protect users from fraudulent transactions.
A posting by Google Chrome extensions developer advocate, Simeon Vincent, confirms that an upturn in such extension-driven transaction fraud occurred earlier this month.
“Due to the scale of this abuse, we have temporarily disabled publishing paid items,” Vincent wrote, adding that the temporary measure was being imposed to “stem this influx as we look for long-term solutions to address the broader pattern of abuse.”