Connect with us

Hi, what are you looking for?


Application Security

Google Halts Publishing of Paid Chrome Extensions Due to Fraud

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store.

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store.

The company says this is only a temporary measure meant to put a stop to the influx of abuse, but it is currently looking for long-term solutions to the problem. No details have been provided about these fraudulent transactions.

“Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items,” Simeon Vincent, extensions developer advocate at Google, explains.

Vincent also says that some developers might have had their submissions rejected earlier this month because of this issue. This applies to paid extensions, subscriptions, or in app-purchases that were rejected for “Spam and Placement in the Store.”

The search giant would eventually allow for the rejected items to be published in the store, as long as their developers reply to the rejection email and request an appeal.

“You may be asked to republish your item, at which point the review should proceed normally,” Vincent also says.

The major inconvenience, however, is that this process must be repeated for each new version of an application, at least as long as the shutdown is in effect. In fact, some developers are already seeing their extensions rejected even following minor fixes.

Advertisement. Scroll to continue reading.

Unfortunately, Google hasn’t provided a timeframe for when things might get back to normal.

Some of the developers replying to Vincent’s announcement complained about Google not informing them about this measure earlier.

While some of them say that they replied to the rejection emails multiple times without being able to resolve the issue, others say that they even ended up having their accounts suspended due to the number of replies sent.

“While it’s unknown what is happening at Google and its actions, it must be a serious issue. Speculation from my experience would be one of fraud, where the criminals have infiltrated the Chrome store and inserted malicious code to steal personal identifiable information (PII), along with credit card information,” James McQuiggan, security awareness advocate at KnowBe4, told SecurityWeek in an emailed comment.

Related: Chrome Extensions Policy Hits Deceptive Installation Tactics

Related: Google Tightens Rules for Chrome Extensions

Related: Google Bans Crypto-Mining Chrome Extensions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.