Ars Technica: Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs. “Google is hosting dozens of extensions in its Chrome Web Store that perform suspicious actions on the more than 4 million devices that have installed them and that their developers have taken pains to carefully conceal.”

https://rbfirehose.com/2025/04/13/ars-technica-researcher-uncovers-dozens-of-sketchy-chrome-extensions-with-4-million-installs/

PayPal honey extension has again "featured" flag in Chrome web store — https://chromewebstore.google.com/detail/paypal-honey-automatic-co/bmnlcjabgnpnenekpadlanbbkooimhnj/reviews
#HackerNews #PayPal #Honey #Chrome #Extension #ChromeWebStore #Featured #Flag #Updates #Technology #News

I might have sent a less than polite reply to this mail by Google’s Chrome Web Store developer support. I know what I can, but I’m definitely not going to report 62 malicious extensions individually. Moderating that place is their job, not mine. If they need 62 tickets, they can surely create those themselves.

#Google #CWS #ChromeWebStore

I meant to publish a rant about Google and Chrome Web Store for a while now, and now it is out: https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

This details many of Google’s shortcoming at keeping Chrome Web Store safe, with the conclusion: “for the end users the result is a huge (and rather dangerous) mess.”

I am explaining how Google handled (or rather didn’t handle for most part) my recent reports. How they make reporting problematic extensions extremely hard and then keep reporters in the dark about the state of these reports. How Google repeatedly chose to ignore their own policies and allowed shady, spammy and sometimes outright malicious extensions to prevail.

There is some text here on the completely meaningless “Featured” badge that is more likely to be awarded to malicious extensions than to legitimate ones. And how user reviews aren’t allowing informed decisions either because Google will allow even the most obvious fakes to remain.

I’ve also decided to publish a guest post by a researcher who wanted to remain anonymous: https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

This post provides more details on BIScience Ltd., another company selling browsing data of extension users. @tuckner and I wrote a bit about that one recently, but this has been going on since at least 2019 apparently. Google allows it as long as extension authors claim (not very convincingly) that this data collection is necessary for the extension’s functionality. It’s not that Google doesn’t have policies that would prohibit it, yet Google chooses not to enforce those.

#google #cws #ChromeExtensions #privacy #ChromeWebStore

My research on how Chrome extensions spam Chrome Web Store search with irrelevant keywords has been picked up by @dangoodin: https://arstechnica.com/security/2025/01/googles-chrome-web-store-has-a-serious-spam-problem-promoting-shady-extensions/

The article quotes me towards the end, something that is worth repeating:

“It wasn’t that hard to notice, and they have better access to the data than me. So either Google isn’t looking or they don’t care.”

#cws #ChromeWebStore #google #ChromeExtensions #spam

Back in October I asked here why searching for “Norton Password Manager” on Chrome Web Store brings up five completely unrelated extensions which all show up before the actual Norton Password Manager. Now I know the answer: some extension authors figured out how to use translations in order to mess with the search results. https://palant.info/2025/01/08/how-extensions-trick-cws-search/

I found 920 extensions using this approach. Most of them fall into a few large extension clusters that are spamming Chrome Web Store. For example, I could attribute 122 extensions to the Kodice / Karbon Project / BroCode cluster that I covered in June 2023 originally. Another 100 extensions belong to the PDF Toolbox cluster that originally appeared on my blog in May 2023. The ZingFront / ZingDeck / BigMData cluster is one I also researched back in 2023 but didn’t publish – 223 extensions.

There is also a cluster that was new to me and which I couldn’t really tie to a company name (apart from finding two red herrings). There seems to be a Ukrainian/Russian language part and a Farsi (?) language part here, and it’s hundreds of extensions despite only 55 of them qualifying for the list in this article.

Now that this is out, are you as excited as me to see what Google will do about this?

#google #cws #ChromeExtensions #chrome #ChromeWebStore #spam

El 7 de diciembre de 2010 Google lanza su tienda Chrome Web Store, dedicada a las aplicaciones web para su navegador Chrome, a través de extensiones y temas visuales, que la mayoría son gratuitas y otras de paga
#retrocomputingmx #Chromewebstore

50 delle migliori estensioni per Google Chrome

Leggi articolo aggiornato: https://www.tantilink.net/2018/09/le-migliori-estensioni-per-chrome.html

#chrome #googlechrome #browser #estensioni #chromeextensions #extensions #ChromeWebStore

📬 Chrome-Erweiterungen bleiben Sicherheitsrisiko: Studie belegt Schwachstellen
#Datenschutz #ITSicherheit #BrowserAddon #ChromeWebStore #ChromeErweiterungen #ManifestV3 #Schadcode #Sicherheitsrisiko https://sc.tarnkappe.info/89ec84

#GWB - Google Chrome: Populärer Werbeblocker vor dem Aus – Google warnt vor uBlock Origin und anderen Blockern - https://www.googlewatchblog.de/2024/10/google-chrome-blockiert-ublock/ #chromewebstore #googlechrome #Google

Google Play and Chrome Webstore apps have been officially retired. Please use the web apps on my blog site instead.

Google Play and Chrome Webstore apps have been officially retired.
https://hollandnumerics.org.uk/wordpress/2024/08/google-play-and-chrome-webstore-apps-have-been-officially-retired-please-use-the-web-apps-on-my-blog-site-instead/
#sas #apps #googleplay #chromewebstore #webapps

https://github.com/uBlockOrigin/uBlock-issues/issues/3309

#uBlockOrigin #MV3 #CWS #ChromeWebStore

draft - Favorites New Tab Page extension - how about an option to lock the layout unless we right click and choose edit?

#chrome
#chromebook
#chromebrowser
#favorites
#favoritesnewtabpage
#internet
#bookmarks
#webbrowser
#weblauncher
#chromewebstore
#chromeos
#chromeextension
#chromeextensions
#google
#googlechrome
#noplacelikechrome
#theresnoplacelikechrome
#chromebookplus
#8gbram
#corei3
#chromeos127
#chromeos128
#10yearsofchromebookupdates
#usbc
#usb4
#android
#android15
#pixel
#pixel8
#pixel9
#chromeos129
#chromeos130
#novalauncher
#newtabpage

I threw together a little commercial-style video for my hobby-project extension's, Tab Shelf, Chrome Web Store page to celebrate the release of a new update! 🎉 (FYI: it's been considered by some to be the best vertical tab manager and automatic tab grouping extension out there)

#Chrome #ChromeWebStore #Extension

https://www.youtube.com/watch?v=_RGAesDeTtc

Przygotowałem krótką politykę prywatności dla #BetterKbin. Pewnie bym jej nie napisał, gdyby nie to, że #Google tego wymaga, żebym mógł dodać update opisu do #ChromeWebStore.
Praktycznie nic do czytania nie ma, ale jakby ktoś się nudził, to proszę bardzo: https://www.mstankiewi.cz/projects/other/betterkbin/privacy

TL;DR: ja nie zbieram żadnych danych. Rozszerzenie zapisuje tylko ustawienia i przesyła wybrane przez użytkownika linki na wybrany serwer, a co właściciel serwera z nimi zrobi to nie moja sprawa i za to nie odpowiadam.

"Favorites - New Tab Page" - topic search

ideas - maybe we could get an "undo" function?

developer, thank you for making this extension / new tab page. works wonderfullly. could we get an undo function so if we accidentally drag and drop something somewhere, we could right click and undo or something like that?

https://www.google.com/search?q=%22Favorites+-+New+Tab+Page%22

#chrome
#bookmarks
#bookmarkmanager
#chromeos
#chromebook
#chromeextension
#chromewebstore
#ideas
#chromeos125
#chromeos124

"Favorites - New Tab Page" - topic search

ideas - maybe we could get an "undo" function?

developer, thank you for making this extension / new tab page. works wonderfullly. could we get an undo function so if we accidentally drag and drop something somewhere, we could right click and undo or something like that?

https://www.google.com/search?q=%22Favorites+-+New+Tab+Page%22

#chrome
#bookmarks
#bookmarkmanager
#chromeos
#chromebook
#chromeextension
#chromewebstore
#ideas

"Favorites - New Tab Page" - topic search

https://www.google.com/search?q=%22Favorites+-+New+Tab+Page%22

#chrome
#bookmarks
#bookmarkmanager
#chromeos
#chromebook
#chromeextension
#chromewebstore

According to @ajayyy, the maintainer of SponsorBlock, typing "uBlock" into the Chrome Web Store search directs users to "uBlock" instead of uBlock Origin.
Actually searching returns both extensions.
This is because Google no longer gives MV2 extensions "featured" status, which elevates them in search predictions.

https://github.com/uBlockOrigin/uBlock-issues/discussions/2977#discussioncomment-9906082

#uBlockOrigin #uBlock #mv3 #chromeWebstore #browserExtensionSecurity

I'm updating my no_downvote_display extension to add support for Manifest v3 since I figure it's worthwhile to do so because downvotes can be bad mentally even with Google's anti-adblock thing. Officially I don't support Google Chrome or Chromium, but I do support #Vivaldi if you need a Chromium-based browser. Preferably I'd say to use Firefox if you can, though.
1/2

#Firefox #ChromeWebStore #Chrome #ManifestV3 #WebExtensions #Disqus #Chromium