Photo: In Green / Shutterstock.com
Google’s Chrome Web Store, the primary repository for browser extensions, is under scrutiny following revelations of widespread abuse of its search and keyword policies by extension developers. Researchers have found at least 920 extensions that mislead users through tactics such as keyword spamming or submitting redundant extensions with identical functionality, and these abusive extensions have been allowed to proliferate unchecked.
A notable example of this manipulation surfaced while searching for ‘Norton Password Manager.’ While the official extension appeared in the results, three unrelated entries — ranging from timezone spoofers to audio boosters — were also listed.
“A few months ago I searched for ‘Norton Password Manager’ in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last,” noted cyber security researcher Wladimir Palant.
Such discrepancies can lead users to install extensions that are either irrelevant or, worse, malicious.
Google’s search algorithm for the Chrome Web Store attempts to recommend related extensions by analysing their descriptions. This approach, intended to broaden user choices, is being exploited by developers who embed misleading keywords in their extensions. The result? Search outcomes are flooded with inferior or irrelevant options.
One of the primary techniques malicious developers employ exploits Google’s multi-language description system. Developers leverage this feature to embed thousands of unrelated keywords into descriptions for lesser-used languages like Bengali or Estonian. These keywords, invisible to most users, influence the search index across all languages, enabling developers to bypass Google’s policies.
For instance, the extension ‘Charm-Coupons, Promo Codes, & Discounts’ appears legitimate in its English description. However, when viewed in languages like Armenian or Filipino, the description includes a barrage of keywords such as ‘RetailMeNot,’ ‘SlickDeals,’ and even unrelated names like PayPal and CNET.
Palant uncovered over 18,000 such keywords embedded in the descriptions of this single extension.
Palant found 920 extensions employing these deceptive practices and linked them to a few developer clusters, including:
- Kodice LLC/Karbon Project LP/BroCode LTD
- PDF Toolbox cluster
- ZingFront Software/ZingDeck/BigMData
- ExtensionsBox, Lazytech, Yue Apps, Chrome Extension Hub, Infwiz, NioMaker
- Free Business Apps
Many of these developers also use additional methods to manipulate search results, such as submitting duplicate extensions under different names and embedding competitors’ names in descriptions.
Despite being alerted to such manipulations in the past, Google has yet to address the issue effectively. Researchers criticised the tech giant’s apparent inaction, stating, “Unfortunately, Google hasn’t been very keen on enforcing this policy in the past. By making Chrome Web Store search index per-language, Google could remove the incentives for this kind of manipulation.”
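The mechanism described above (keywords planted in a rarely read locale surfacing the extension in every locale’s results) and the per-language index Palant proposes as a fix can be seen side by side in a small model. This is an added example, not code from the article, from Palant, or from Google: the listings, locale descriptions and the extension names other than Norton Password Manager are constructed, and the flagging heuristic (description length ratio and competitor-name hits, the latter echoing the practice of embedding competitors’ names) is an assumption about what a store reviewer might check, not a description of Google’s actual process.

```python
"""Toy model of cross-language keyword stuffing in an extension store
search index, and two ways a store operator can respond: indexing
per language, and flagging stuffed locale descriptions for review.
All listings below are constructed for this example."""
import re
from collections import defaultdict

# Constructed listings: extension name -> {locale: description}.
EXTENSIONS = {
    "Norton Password Manager": {
        "en": "Norton Password Manager stores your passwords securely and fills logins.",
        # Honest translation, included to show it is not flagged.
        "de": "Norton Password Manager speichert Ihre Passwörter sicher und füllt Anmeldungen aus.",
    },
    "Timezone Spoofer": {
        "en": "Change the timezone your browser reports to websites.",
        # Stuffed lesser-used locale, constructed to mimic the pattern in the article.
        "et": ("Ajavööndi muutja. Norton Password Manager LastPass 1Password Bitwarden "
               "Dashlane Keeper RoboForm PayPal CNET RetailMeNot SlickDeals coupons "
               "promo codes discounts vpn adblock"),
    },
    "Audio Booster": {
        "en": "Boost the volume of any tab above 100%.",
        # Shorter stuffing: only competitor names, constructed.
        "tl": "Pampalakas ng audio. Norton Password Manager LastPass password manager vpn adblock antivirus",
    },
}

DEFAULT_LOCALE = "en"


def tokenize(text):
    """Lower-case word tokens; the regex word class is Unicode-aware, so accented letters stay in tokens."""
    return re.findall(r"\w+", text.lower())


def build_index(extensions, per_language):
    """Inverted index keyed by (locale, token). With per_language=False every
    locale's tokens are pooled under '*', which models the behaviour the article
    describes: keywords in one language surface the extension in all of them."""
    index = defaultdict(set)
    for name, locales in extensions.items():
        for locale, desc in locales.items():
            bucket = locale if per_language else "*"
            for tok in set(tokenize(desc)):
                index[(bucket, tok)].add(name)
    return index


def search(index, query, locale, per_language):
    """Rank extensions by number of distinct query tokens matched; ties broken by name."""
    bucket = locale if per_language else "*"
    scores = defaultdict(int)
    for tok in set(tokenize(query)):
        for name in index.get((bucket, tok), ()):
            scores[name] += 1
    return sorted(scores, key=lambda n: (-scores[n], n))


def flag_stuffed_locales(extensions, max_len_ratio=2.0, min_competitor_hits=2):
    """Assumed review heuristic: a non-default locale is flagged when its
    description is much longer than the default one, or when it carries the
    name tokens of other listed extensions that are absent from the
    extension's own name and default description."""
    flagged = {}
    for name, locales in extensions.items():
        default_tokens = tokenize(locales.get(DEFAULT_LOCALE, ""))
        own_tokens = set(tokenize(name)) | set(default_tokens)
        competitor_tokens = set()
        for other in extensions:
            if other != name:
                competitor_tokens |= set(tokenize(other))
        competitor_tokens -= own_tokens
        base_len = max(1, len(default_tokens))
        for locale, desc in locales.items():
            if locale == DEFAULT_LOCALE:
                continue
            toks = tokenize(desc)
            ratio = len(toks) / base_len
            hits = sorted(set(toks) & competitor_tokens)
            if ratio >= max_len_ratio or len(hits) >= min_competitor_hits:
                flagged[(name, locale)] = {"len_ratio": ratio, "competitor_hits": hits}
    return flagged


if __name__ == "__main__":
    pooled = build_index(EXTENSIONS, per_language=False)
    per_lang = build_index(EXTENSIONS, per_language=True)
    print("pooled index :", search(pooled, "Norton Password Manager", "en", False))
    print("per-language :", search(per_lang, "Norton Password Manager", "en", True))
    for key, info in flag_stuffed_locales(EXTENSIONS).items():
        print("flag", key, info)
```

With the pooled index an English query for the password manager returns all three listings, because the decoys’ Estonian and Filipino descriptions carry the same tokens; with the per-language index only the genuine extension matches for `en`, so stuffing a locale few users browse no longer pays off. The review heuristic catches the Estonian description on length and the Filipino one on competitor names while leaving the honest German translation alone.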
Currently, Google has not issued a statement or responded to inquiries about whether it plans to tackle these coordinated manipulations or enhance its monitoring systems.