Published on April 29th, 2020 📆 | 3039 Views ⚑0
Google updates Chrome Web Store policy to block extension spam
Google today updated the Chrome Web Store’s spam policy to block extension spam so that users can have a real chance to avoid potentially malicious extensions while sifting through 200,000 add-ons available in the store.
Chrome extensions delivering similar functionality to others already published to the store, extensions with misleading information, extensions used only for launching apps, webpages, or other similar resources, and extensions abusing notifications for malicious or annoying purposes will be removed or blocked on submission starting with August 27, 2020.
Google says that “the increase in adoption of the extension platform has also attracted spammers and fraudsters introducing low-quality and misleading extensions in an attempt to deceive and trick our users into installing them to make a quick profit.”
“We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities or fake reviews and ratings,” the company added.
Developers are also forbidden from attempting to manipulate their extensions placement in the Chrome Web Store, which means that inflating their ratings, download, counts, or posting fake reviews will get them kicked out of the store.
This is the full list of spam policy updates designed with the quality of Chrome extensions in mind:
The new Chrome Web Store spam policy can be found within Google’s Developer Program Policies.
More information about today’s changes and how they apply to Chrome extensions are available on the Spam policy FAQ page.
Google also has a problem with malicious extensions reaching its web store, as shown by the removal of 500 copycat and malicious Chrome extensions in February 2020.
These extensions were used to launch malvertising attacks that impacted the web browsers of roughly 1.7 million users according to Cisco’s Duo Security team, allowing the attackers to collect and steal sensitive data while evading Google Chrome Web Store’s fraud detection.