Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don’t spam users with extensions that have similar functionality.
The Chrome Web Store has been available since 2011, offering a total of more than 200,000 browser extensions that allow users to easily customize their browsing experience in Chrome.
Just as with other application storefronts, the Chrome Web Store has also been a target of cybercriminals looking to leverage it for malware distribution or for other malicious purposes.
The increase in extension adoption has resulted in spammers and fraudsters submitting low-quality and misleading extensions to the marketplace and tricking users into installing them, in an attempt to make a quick profit.
“We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities or fake reviews and ratings,” Google says.
To make sure it can eliminate low-quality extensions and duplicates from the store, the Internet giant has updated its spam policy, so as to prevent developers and affiliates from publishing multiple extensions offering the same experiences or functionality.
What’s more, Google now requires that extensions do not have “misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata.” Such information includes the extension description and developer name, along with title, icon, and screenshots.
“Developers must provide a clear and well-written description. Unattributed or anonymous user testimonials in the app’s description are also not allowed,” Google says.
The updated policy also notes that developers should not attempt to manipulate the placement of extensions by illegitimately inflating product ratings, reviews, or install counts.
The company is also banning extensions meant to install or launch another app, theme, webpage, or extension, as well as those that impact users’ browsing experiences by delivering spam, ads, promotions, phishing attempts, or unwanted messages.
“Extensions that send messages on behalf of the user without giving the user the ability to confirm the content and intended recipients are also not allowed,” Google says.
The new policy has been published in the updated Developer Program Policies and developers are required to comply by August 27, 2020. Past that deadline, all extensions that violate the updated rules will be taken down and disabled.
