Google has taken the unusual step of temporarily suspending all commercial browser extensions sold in the Chrome Web Store.
The company says it has been alerted to a “significant increase” in scams and frauds being launched by some of these extensions. Chrome users are sometimes urged to download and install certain extensions to enhance the browser’s performance or to make it do special things. There’s almost always some kind of fee involved.
Now, Google says some of these extensions “aim to exploit users” and all are being suspended until everything can be sorted out. It turns out the problem may have been building over time.
Nearly a year ago, ZDNet reported that a popular commercial Chrome extension had started serving users with popup ads. At the time, the extension was being used by more than 4 million consumers.
This particular extension was called Automatic 4K/HD for YouTube and was used to enhance and control the quality of YouTube videos.
“The popup ads abuse Chrome's ability to show desktop notifications, permission that the extension contains from users during installation, but which it is not allowed to abuse to bombard them with unrelated content, such as ads,” ZDNet reported in February.
A few months later, Google reviewed and updated its policies regarding third-party extensions for its browser. Most of those updates had to do with better protecting user privacy. In October 2018, Google said it was taking steps to “ensure that all Chrome extensions are trustworthy by default.”
According to Forbes, this most recent action was driven by a discovery earlier this month that some commercial Chrome extensions were carrying out fraud and that the activity had recently increased.
Chrome users who have not downloaded or installed extensions that require payment are likely not affected. Users who have paid for extensions will not receive any extension updates until Google lifts its ban.
In November, the Security Research Team at Checkmarx reported finding a vulnerability in both the Google and Samsung camera app that allowed hackers to commandeer the app and take photos and/or record videos via a malicious application that had zero permission to go that far.
Google responded quickly, telling ConsumerAffairs the issue was addressed on impacted Google devices via a Play Store update to the Google Camera Application. A patch was made available to all partners.