Security Experts:

Google Halts Publishing of Paid Chrome Extensions Due to Fraud

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store.

The company says this is only a temporary measure meant to put a stop to the influx of abuse, but it is currently looking for long-term solutions to the problem. No details have been provided about these fraudulent transactions.

“Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items,” Simeon Vincent, extensions developer advocate at Google, explains.

Vincent also says that some developers might have had their submissions rejected earlier this month because of this issue. This applies to paid extensions, subscriptions, or in app-purchases that were rejected for “Spam and Placement in the Store.”

The search giant would eventually allow for the rejected items to be published in the store, as long as their developers reply to the rejection email and request an appeal.

“You may be asked to republish your item, at which point the review should proceed normally,” Vincent also says.

The major inconvenience, however, is that this process must be repeated for each new version of an application, at least as long as the shutdown is in effect. In fact, some developers are already seeing their extensions rejected even following minor fixes.

Unfortunately, Google hasn’t provided a timeframe for when things might get back to normal.

Some of the developers replying to Vincent’s announcement complained about Google not informing them about this measure earlier.

While some of them say that they replied to the rejection emails multiple times without being able to resolve the issue, others say that they even ended up having their accounts suspended due to the number of replies sent.

“While it's unknown what is happening at Google and its actions, it must be a serious issue. Speculation from my experience would be one of fraud, where the criminals have infiltrated the Chrome store and inserted malicious code to steal personal identifiable information (PII), along with credit card information,” James McQuiggan, security awareness advocate at KnowBe4, told SecurityWeek in an emailed comment.

Related: Chrome Extensions Policy Hits Deceptive Installation Tactics

Related: Google Tightens Rules for Chrome Extensions

Related: Google Bans Crypto-Mining Chrome Extensions

view counter