Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Google

Google Temporarily Suspends Developers' Ability To Publish or Update Their Extensions On Chrome Web Store After Detecting 'At Scale' Fraudulent Transactions (zdnet.com) 18

An anonymous reader writes: The Google security team has indefinitely suspended the publishing or updating of any commercial Chrome extensions on the official Chrome Web Store following a spike in the number of paid extensions engaging in fraudulent transactions. Google said the wave of fraudulent transactions began earlier this month. Google engineers described the fraudulent transactions as happening "at scale."

"This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse," said Simeon Vincent, Developer Advocate for Chrome Extensions at Google. The ban on publishing or updating impacts all paid extensions. This includes Chrome extensions that require paying a fee before installing, extensions that work based on monthly subscriptions, or Chrome extensions that use one-time in-app purchases to get access to various features. Existing commercial extensions are still available for download via the official Chrome Web Store, however, extension developers can't push new updates.

This discussion has been archived. No new comments can be posted.

Google Temporarily Suspends Developers' Ability To Publish or Update Their Extensions On Chrome Web Store After Detecting 'At Sc

Comments Filter:
  • Either implement the feature in your browser or not.

    Extensions are always opening the door on a relatively secure browser to security problems.

    • I don't mind extensions, but I limit them to "known good ones" (a.k.a source code available). You never know what maniac might take over and start pushing malware. I do wonder though who actually intentionally pays for an extension.

      • If I ever had a mod point to give (which I don't), I'd give you a positive one for that comment, even though I disagree with your definition of "known good ones". There's no way to know what the source code is unless you can trace the entire provenance of the extension you are installing. I believe this is the proper citation for the infamous Ken Thompson hack: https://www.win.tue.nl/~aeb/li... [win.tue.nl]

        Actually, even if you have the source code, it doesn't matter unless you actually read and fully understand it. The

      • I don't mind extensions, but I limit them to "known good ones" (a.k.a source code available).

        That is a large task. Knowing the ins and outs of any extension is taking on typically a large source code base. If you're able to digest the tome of source that usually follows an extension, more power to you. But knowing the ins and outs and keeping up with all of the updates along the way. That's just not a possibility for a vast majority of end users.

    • by ftobin ( 48814 )

      Having one team try to develop everything a large, non-modular blob is a massive security risk. Do you want your OS maker to build your web browser? Any process you run in your OS is an "extension" of the OS.

  • There is currently a rogue ad or some other process that is redirecting Chrome users away from the normal Slashdot page. I have it blocked so it only goes to 127.0.0.1.

    • by 110010001000 ( 697113 ) on Wednesday January 29, 2020 @12:56PM (#59668268) Homepage Journal

      127.0.0.1 is my IP address! Stop sending me your crap.

  • Fraud? (Score:4, Informative)

    by smi.james.th ( 1706780 ) on Wednesday January 29, 2020 @01:32PM (#59668392)
    I wonder what kind of fraud this is. My credit card was hit for two $91 payments towards the end of December, saying "GOOGLE Chrome" in the reference. I cancelled the card, reported the fraud and was refunded, but I was quite curious as to how the transactions came about. TFA is sparse on details though.
    • Yes, some fraud (because Google's security is fairly lax until it gets a significant number of complaints or gets pressured by credit card companies) is involved, but the principal driver seems to be the escalating wars on ad-blockers that is beginning to hurt their business model. Freeware/community software (ex: uBlock origin) seems to be left alone, but they'll find a way to shut them down too, if they get too much of a critical mass.
      • Google needs to be attacking the shitware ad companies that force users to use Ublock Origin. Too bad we can't surf the web anymore without using a 'condom'. >:(

You are always doing something marginal when the boss drops by your desk.

Working...