back to article Google halts paid-for Chrome extension updates amid fraud surge: Web Store in lockdown 'due to the scale of abuse'

On Saturday, Google temporarily disabled the ability to publish paid Chrome apps, extensions, and themes in the Chrome Web Store due to a surge in fraud. "Earlier this month the Chrome Web Store team detected a significant increase in the number of fraudulent transactions involving paid Chrome extensions that aim to exploit …

  1. Detective Emil
    Thumb Up

    Stop the Madness …

    … is a worthwhile extension, even if the latest update has not hit Chrome. (The update was something minor to do with squelching autoplay video iirc.)

  2. HmYiss

    Sometimes..'s easy to dwell on all that's wrong with Firefox.

    Then I look at the alternatives - and immediately FF looks great again.

    1. Throatwarbler Mangrove Silver badge
      Paris Hilton

      Re: Sometimes..

      The only thing I encounter that's "wrong" with Firefox is that it doesn't seem to render as quickly as Chrome, presumably because Google is not pre-loading content for it. OTOH, I have uBlock Origin installed and some other plugins, which may create additional latency, which is a small price to pay for no advertising and improved privacy. Apparently, FF Mobile also lacks something called "Zoom and Reflow," which the Opera fanboys assure me is utterly indispensable but which I strangely have never needed.

    2. Anonymous Coward
      Anonymous Coward

      Re: Sometimes..

      Being lazy I would love FF to open a box when filling forms showing info requested so I could click ok and have the web form filled automatically.

      The containers good but need polishing...frankly would prefer every website to invisibly open in a separate container for just that website.

      I need all 3 browsers as use separate one for Facebook and chrome with cookies always deleted on closing to allow reading news articles.

      1. Tom 7

        Re: Sometimes..

        The autocomplete attribute can be applied to forms and input fields so people who have a clue about writing web pages can use that to make life easier for you.

        There were a list of names you could give to certain inputs to assist the browser in remembering these for prefilling such forms but I cant find it on a quick search so it may have been deemed a security hazard or just got lost over the years.

  3. jonathan keith


    So is Avast in line for some massive GDPR fines then?

    1. Nunyabiznes

      Re: Avast

      You would think and hope. Vegas isn't giving odds though.

    2. Jamie Jones Silver badge

      Re: Avast

      They, and the companies that bought the data should be fined out of existence, and all their board members put in jail. Nothing else will deter them.

      1. Drone Pilot

        Re: Avast

        I agree but sadly, I can't see anything penalising happening for these things.

        a) the fines will be baked into the OPEX

        b) companies will be structured in such a way that they are disposable

        c) GDPR will be found wanting and loopholes will be exploited.

        Take BA for example. So long as their legal fees remain below the £189m they will keep appealing and playing the long game.

        We're fucked when it comes to privacy and, as I keep saying, my mom et al do not care.Just elReg readers.

    3. RegGuy1 Silver badge

      So is Avast in line for some massive GDPR fines then?

      Well they have four days...

      [I know, I know: we will become a vassal state, being a taker not a giver, but you know, we are Engerland (ok the UK if you must), the most important place in the world; and that must be true because some old person told me.]

  4. Anonymous Coward
    Anonymous Coward

    So Google provide Android....

    ....and then allow anyone under the sun to provide "apps" and other "added value software" though Google's Chrome Web Store......

    Then.....after multiple malware horses have bolted through the open door (perhaps affecting thousands or millions of users), they say "Sorry".

    But no way to fix the problems for the hapless users who ALREADY HAVE THE MALWARE.

    Oh....wait....then there's Google rolling out a secret update which borks thousands of business users:


    Am I missing something here? Privacy, security.....responsibility ALL MIA!!!!!!

    1. Giovani Tapini

      Re: So Google provide Android....

      Think of Windows instead of a Google product and re-apply your rant - it comes up with a very similar outcome. You have to treat them all with some caution... Bear in mind too that harvesting is built into Windows so you don't have to faff about downloading extensions!

      1. Anonymous Coward
        Anonymous Coward

        Re: So Google provide Android....

        Microsoft is just trying to be like Google...

    2. Luke McCarthy

      Re: So Google provide Android....

      App stores are the perfect distribution method for malware. You don't have to lure users to your dodgy website and convince them to download and run your program. Instead the user can find your app through a centralised, legitimate platform and all they have to do is click Install. You can even steal the reputation of a legitimate application by copying their name and icon and Google probably won't notice or give a damn. Malware checking? "Curation"? Mostly automated systems that are easily gamed, or underpaid/overworked subcontracted employees in Bangalore that need to approve 100s of apps a day (speculation). By the time your ruse is discovered, thousands or millions of people have already installed and run your malware obliviously.

  5. Barry Rueger

    Bye bye Google

    This is why for the past year or so I've been moving everything possible out of the Googleverse. Though it's a pretty onerous project I ultimately feel a lot more secure knowing that tools I rely on won't just be shut down with no warning , and no practical avenue for appeal.

    I can't imagine building a business that relies on Google.

  6. Anonymous Coward
    Anonymous Coward

    Appstore KYC

    Does Google have strict KYC for developers? IIRC to publish on Apple you need to provide proof of identity and pay $100 a year which probably limits volume of fraudulent developers making policing easier.

    Don't recall Google have similar restrictions.

    1. Claptrap314 Silver badge

      Re: Appstore KYC

      Nah, that would require human interaction, you see...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like