Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Google Halts Publishing of Paid Chrome Extensions Due to Fraud

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store.

After observing an increase in the number of fraudulent transactions, Google over the weekend announced that it halted the publishing of paid items to the Chrome Web Store.

The company says this is only a temporary measure meant to put a stop to the influx of abuse, but it is currently looking for long-term solutions to the problem. No details have been provided about these fraudulent transactions.

“Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit users. Due to the scale of this abuse, we have temporarily disabled publishing paid items,” Simeon Vincent, extensions developer advocate at Google, explains.

Vincent also says that some developers might have had their submissions rejected earlier this month because of this issue. This applies to paid extensions, subscriptions, or in app-purchases that were rejected for “Spam and Placement in the Store.”

The search giant would eventually allow for the rejected items to be published in the store, as long as their developers reply to the rejection email and request an appeal.

“You may be asked to republish your item, at which point the review should proceed normally,” Vincent also says.

The major inconvenience, however, is that this process must be repeated for each new version of an application, at least as long as the shutdown is in effect. In fact, some developers are already seeing their extensions rejected even following minor fixes.

Unfortunately, Google hasn’t provided a timeframe for when things might get back to normal.

Advertisement. Scroll to continue reading.

Some of the developers replying to Vincent’s announcement complained about Google not informing them about this measure earlier.

While some of them say that they replied to the rejection emails multiple times without being able to resolve the issue, others say that they even ended up having their accounts suspended due to the number of replies sent.

“While it’s unknown what is happening at Google and its actions, it must be a serious issue. Speculation from my experience would be one of fraud, where the criminals have infiltrated the Chrome store and inserted malicious code to steal personal identifiable information (PII), along with credit card information,” James McQuiggan, security awareness advocate at KnowBe4, told SecurityWeek in an emailed comment.

Related: Chrome Extensions Policy Hits Deceptive Installation Tactics

Related: Google Tightens Rules for Chrome Extensions

Related: Google Bans Crypto-Mining Chrome Extensions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...