CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Google Steps Up Fight on Spam in Chrome Web Store

Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don’t spam users with extensions that have similar functionality.

The Chrome Web Store has been available since 2011, offering a total of more than 200.000 browser extensions that allow users to easily customize their browsing experience in Chrome.

Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don’t spam users with extensions that have similar functionality.

The Chrome Web Store has been available since 2011, offering a total of more than 200.000 browser extensions that allow users to easily customize their browsing experience in Chrome.

Just as with other application storefronts, Chrome Web Store too was the target of cybercriminals looking to leverage it for malware distribution or for other malicious purposes.

The increase in extension adoption has resulted in spammers and fraudsters submitting to the marketplace low-quality and misleading extensions and tricking users into installing them, in an attempt to make a quick profit.

“We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities or fake reviews and ratings,” Google says.

To make sure it can eliminate low-quality extensions and duplicates from the store, the Internet giant has updated its spam policy, so as to prevent developers and affiliates from publishing multiple extensions offering the same experiences or functionality.

What’s more, Google now requires that extensions do not have “misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata.” Such information includes the extension description and developer name, along with title, icon, and screenshots.

“Developers must provide a clear and well-written description. Unattributed or anonymous user testimonials in the app’s description are also not allowed,” Google says.

Advertisement. Scroll to continue reading.

The updated policy also notes that developers should not attempt to manipulate the placement of extensions through illegitimately inflating product ratings, reviews, or installs counts.

The company is also banning extensions meant to install or launch another app, theme, webpage, or extension, as well as those that impact users’ browsing experiences by delivering spam, ads, promotions, phishing attempts, or unwanted messages.

“Extensions that send messages on behalf of the user without giving the user the ability to confirm the content and intended recipients are also not allowed,” Google says.

The new policy has been published in the updated Developer Program Policies and developers are required to comply by August 27, 2020. Past that deadline, all extensions that violate the updated rules will be taken down and disabled.

Related: Google Axes 500 Chrome Extensions Exfiltrating User Data

Related: Chrome Extensions Policy Hits Deceptive Installation Tactics

Related: New Service From Cisco’s Duo Labs Analyzes Chrome Extensions

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.