Chrome and Firefox Clamp Down on Suspicious Behavior
Both Chrome and Firefox administrators have had to take action recently to halt the spread of malware via extensions and add-ons.
Google developer advocate Simeon Vincent explained over the weekend that the Chrome Web Store team detected an increase in fraudulent activity earlier in the month attempting to exploit users of the popular browser.
“Due to the scale of this abuse, we have temporarily disabled publishing paid items. This is a temporary measure meant to stem this influx as we look for long-term solutions to address the broader pattern of abuse,” he continued.
“If you have paid extensions, subscriptions, or in app-purchases and have received a rejection for ‘Spam and Placement in the Store’ this month, this is most likely the cause.
Extension developers will not be allowed to update their offerings while these temporary measures last. Those who want to publish an item that has been rejected are urged to reply to the rejection email and request an appeal.
“You may be asked to republish your item, at which point the review should proceed normally. You must repeat this process for each new version while this measure is in place,” said Vincent.
Unfortunately for developers, there’s no immediate end in sight for these temporary measures.
“We are working to resolve this as quickly as possible, but we do not have a resolution timeline at the moment. Apologies for the inconvenience,” concluded Vincent.
The news comes as rival browser Firefox experiences its own security issues. Mozilla administrators have begun removing scores of dodgy add-ons from the Mozilla Add-on (AMO) portal, and disabling any found in existing browser deployments.
Many of those marked for attention are thought to have been executing code from remote servers, installing malware, deliberately hiding code or eavesdropping on user searches.
Over 120 banned add-ons appear to have been published by a single developer, 2Ring, and were removed for executing remote code — which is illegal according to Mozilla’s add-on rule book.
Source: Information Security Magazine